Author(s): Stephanos Matsumoto, Raphael M. Reischuk

Download: Paper (PDF)

Date: 7 Feb 2015

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2015


We propose to leverage accountability mechanisms to deal with trust-related security incidents of certification authorities (CAs) in the SSL/TLS public-key infrastructure (PKI). We argue that, despite recent advances in securing certificate issuance and verification, the TLS PKI does not sufficiently incentivize careful identity verification by CAs during certificate issuance or provide CA accountability in the event of a certificate compromise. We propose a new paradigm, Certificates-as-an-Insurance, to hold CAs accountable for misbehavior by using insurance policies and benefits negotiated between the CA and the domain. We sketch our insurance model as an extension of the existing certification model and identify challenges in our approach for future research.