Saturday, May 21, 2016

One more try to skin a cat


I have mentioned several times before that the proper and relatively simple way to bring back trust in PKI would be to replace the existing tree-like hierarchy of X.509 certificates with something that ensures that no single CA (Certificate Authority) breach can, on its own, compromise thousands of certificates and millions of TLS connections and signed documents.

Obviously, cross-certifying every CA certificate with one or two further certificate authorities, so that each CA is counter-signed by more than one root, would be a logical step. This is exactly what Microsoft has been doing for years with the cross-certificates it issues to CAs for kernel-mode code signing: a driver-signing certificate must chain, through such a cross-certificate, to Microsoft's own root in addition to the issuing CA's root.

There is a different approach available as well, though: splitting the private key (of the CA certificates, as I understand it) among several CAs, so that no single authority ever holds the complete key. This is the approach offered by the Apache Milagro project.
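To make the split-key idea concrete, here is an added example (written for this post; it is not Milagro's code, and the page does not describe Milagro's actual construction, so Shamir's threshold secret sharing is used as a stand-in). A key is split into n shares held by n authorities, any k of which reconstruct it. The second half of the example shows why a breach of k-1 authorities yields nothing: the attacker's k-1 shares are consistent with every possible key, and the code constructs the "missing" share that would make any claimed key reconstruct correctly. The prime and the share counts are assumptions chosen for the example.

```python
"""Threshold key splitting (Shamir's secret sharing) over a prime field.

Added illustration of splitting a CA-style private key among several
authorities; not Apache Milagro's scheme, which is not described here.
"""
import secrets

# Assumed ~256-bit prime (the secp256k1 group order, used only because it is
# a convenient public prime; nothing here depends on the curve).
PRIME = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _eval_poly(coeffs, x, p=PRIME):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[d]*x^d (mod p) with Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % p
    return result


def split_secret(secret, n, k, p=PRIME):
    """Split `secret` into n shares; any k of them reconstruct it.

    The secret is the constant term of a random degree-(k-1) polynomial;
    share i is the point (i, f(i)). Returns a list of (x, y) tuples.
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def _lagrange_at(points, x0, p=PRIME):
    """Value at x0 of the unique polynomial of degree < len(points) through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % p
                den = den * (xi - xj) % p
        # pow(den, -1, p) is the modular inverse (Python 3.8+).
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def reconstruct_secret(shares, p=PRIME):
    """Recover the secret (the polynomial's value at x = 0) from >= k shares."""
    return _lagrange_at(shares, 0, p)


def forge_missing_share(partial_shares, claimed_secret, x_missing, p=PRIME):
    """Given only k-1 shares and ANY claimed secret, compute the share value at
    x_missing under which reconstruction would yield claimed_secret.

    k-1 points leave exactly one degree of freedom in a degree-(k-1)
    polynomial, so every candidate secret is equally consistent with them:
    an attacker who breaches k-1 authorities learns nothing about the key.
    x_missing must be neither 0 nor one of the known share indices.
    """
    points = [(0, claimed_secret)] + list(partial_shares)
    return _lagrange_at(points, x_missing, p)


if __name__ == "__main__":
    # Constructed demo: a 3-of-5 split of a random key.
    key = secrets.randbelow(PRIME)
    shares = split_secret(key, n=5, k=3)
    print("3 of 5 reconstruct:", reconstruct_secret(shares[:3]) == key)
    # Two breached authorities: their shares fit an arbitrary fake key too.
    fake_key = 0xDEADBEEF
    forged = forge_missing_share(shares[:2], fake_key, x_missing=5)
    print("2 shares fit fake key:", reconstruct_secret(shares[:2] + [(5, forged)]) == fake_key)
```

Any k authorities can cooperate to produce the key (or, in a real deployment, to sign without ever reassembling it), while fewer than k get an information-theoretic zero. The counterpart of that property is the operational burden the approach carries: share storage, rotation and revocation must be coordinated across organisations rather than handled by one CA.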

At first sight the project seems to offer great ideas and great solutions, until you start looking at the practical applicability and openness of the project and of the formats and protocols behind it. The makers did not go for standard, RFC-defined protocols, nor have they opened their protocols or submitted them for standardization.

Instead, the project offers a library for a handful of programming languages and platforms. This is the approach that corrodes the industry. As is often said, open-source != free: an open-source project is not the same as an open standard that the community can implement independently. Instead, we are seeing a vendor push its proprietary solution onto the market by declaring it open source.

I strongly believe that the developer community should not use such a solution, as it is more of a Trojan horse than an open standard that improves the existing corpus of industry-adopted PKI-related standards.