Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS
Download: Paper (PDF)
Date: 7 Feb 2015
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2015
Abstract:
We propose to leverage accountability mechanisms to deal with trust-related security incidents involving certification authorities (CAs) in the SSL/TLS public-key infrastructure (PKI). We argue that, despite recent advances in securing certificate issuance and verification, the TLS PKI neither sufficiently incentivizes careful identity verification by CAs during certificate issuance nor provides CA accountability in the event of a certificate compromise. We propose a new paradigm, Certificates-as-an-Insurance, to hold CAs accountable for misbehavior through insurance policies and benefits negotiated between the CA and the domain. We sketch our insurance model as an extension of the existing certification model and identify challenges in our approach for future research.