This has not changed since I started working in security in the
days when dinosaurs roamed the earth and megabytes were only found
on disk drives. We released a Unix variant that we charged $5000
extra for because it had an unprivileged root (using POSIX
capabilities) and every customer's first question was "How do I
become Real Root?".
-- Casey Schaufler
So here we are on the cusp of something. At long last, we're finally
approaching the critical mass necessary to replace the CA system that we've
long since grown out of. But when evaluating replacement models for the CA
system, the very first question we should ask is "who do I have to trust,
and for how long?" If the answer is "a prescribed set of people, forever"
we should probably proceed with extreme caution. I believe that if we don't
develop a solution which offers trust agility, we will inevitably find
ourselves back in the exact same place that we're currently trying to
on "trust agility"
It might happen that someday ICANN will create some of these TLDs. There is
even talk that they might allow people to register (at a high cost)
arbitrary TLDs like .milk or .cookies. In that case, these
currently-invalid certificates will become valid because they will suddenly
refer to usable internet names. For example, imagine if Microsoft were able
to, in the future, register the .microsoft TLD so that they could have
www.microsoft for their web site address. As the Observatory shows, an
attacker can probably get a CA to sign that name today. Such an attacker
would be able to hijack Microsoft's web site on the very minute the new
name goes live.
on the EFF Deeplinks blog