
>it should be replaced with something more like bitcoin.

What does that even mean?



He was probably talking about the centralised model used with CAs, and trying to start a discussion about an alternative to the CA model, probably some way of decentralised control, hence the bitcoin reference. Convergence [1] comes to mind.

[1] http://convergence.io/


I would be in favor of decentralised as well; nobody should have to pay money to some bunch of trolls just to use encryption; this is a friction point for a lot of newcomers to web development. In fact, making HTTPS free to use would probably be the best thing that could ever be done for cybersecurity for mankind. Make it zero-friction over HTTP, somehow.

Perhaps Google might want to sponsor this? :)


> In fact, making HTTPS free to use would probably be the best thing that could ever be done for cybersecurity for mankind

I guess we'll eventually get there, but unless we get decentralised I don't see how it could be done.


Let's Encrypt works on the assumption that there is no reason why an HTTPS certificate cannot be easy (not as cumbersome?) to use AND free of cost. They hope to start availability in the middle of this year. Free of cost is possible. We just need to make it easy, reliable, and repeatable for domain name owners to prove their ownership.

https://letsencrypt.org/


For the time being, use CloudFlare. They have SSL enabled even in the free plan.


CloudFlare is funded by the department of homeland security: http://thenextweb.com/insider/2011/06/07/cloudflare-a-websit...


Why is that a proper reply?


Basically it means that I think that hierarchical trust doesn't work for me. Instead of a bank buying a certificate from some authority I'm supposed to trust, I'd rather infer that this certificate is associated with this domain because it's written in some form of blockchain, unalterable and verified by multiple parties.

Honestly I have no idea how the current system is purported to work. And I just don't know what a certificate is supposed to prove? That someone at some point in time had $100 to spend on a cert? How's that more secure than a self-signed cert?

Why does the browser warn about self-signed and not about others? The whole thing seems to me to be more of a security theatre and money-making scheme than an actual trust system that reflects reality in any way.


> I just don't know what a certificate is supposed to prove? That someone at some point in time had $100 to spend on a cert? How's that more secure than a self-signed cert?

A standard domain-validated cert proves that the CA saw you as in control of the site's DNS. Because spoofing DNS for client machines is generally much easier than for servers, this is a big improvement in security over a self-signed cert.


Because web-of-trust models worked so great for PGP/GPG. In theory that's great, but how can I confirm that the cert in the chain is indeed for google.com? Because it's trusted by Chrome, which I downloaded from google.com (or at least a machine pretending to be google.com), or because my computer-illiterate friends trust it? Or because my OS trusts that cert?

I agree that the current system is broken, but I fail to see how a distributed system magically fixes this, most notably the issue of bootstrapping trust. I foresee that the distributed model moves to a more centralized model where we trust Apple, Microsoft, Ubuntu.


There's lots of newer research on trust-based systems that could be applicable here, e.g. a game-theoretic approach where entities are gauged based on ratings over repeated transactions. Think iterated prisoner's dilemma crossed with PageRank, which effectively wards against many types of collusion including simple sybil attacks. Most of it hasn't been validated in the real world on any scale, but I believe it is possible to do quite a bit better than we have seen - the only web-of-trust stuff I've seen in practice is ancient compared to the state of research.

One outstanding problem that comes to mind is certificate revocation when you have lost control of the private keys. I think a multi-sig solution could probably mitigate this to a fair extent, so you still have some level of pseudo-trust between entities and a way to effectively call someone up and say, "hey, I screwed up and need to kill this thing".


I agree, the bootstrapping trust is a hard issue, and I don't think either that a distributed system will magically fix things. What would happen is we'd just change one set of problems for another one, but IMHO it'd be a better system overall. In this case, making things more visible is a better thing. That's an interesting point about the way a distributed model would evolve. My question is: does it matter? If we could more easily spot a bad actor, wouldn't it make everyone behave better?


Please check my response to sibling commenter.

Bootstrapping trust should start from entities that actually have information about identity.

Also, information about identity should be explicit and carried through the system. What happens now, for me, looks like bunching together good and toxic assets and creating derivatives. Creating something that is too general to fail.

Some people in the comments refer to a previous incident that didn't have any repercussions, probably because it would have too many consequences.


Bring back the key exchange parties of old :D


Thanks for clarifying.

There is value in a higher barrier to entry. That much is seen in almost every place that has such barriers. Nintendo games are typically high quality and App Store apps are usually not (and Play Store -- not picking on anyone). I've seen much higher quality from sites hosted by regular hosting companies (and paid-for domains) than I do from sites like mysite.site99.commish.ru (if you'll excuse the exaggerated example). Self-signed is even worse than my exaggerated example when it comes to trustworthiness because there are far too many bad actors who want to do bad things but also don't have $100USD to spend on a cert. I don't doubt that some kind of better system can exist but self-signed is definitely less trustworthy.


From what I understand, and as I said I don't know much, the purpose of non-self-signed certs is to provide trustworthy information about the identity of the entity that controls the domain.

I think that the government that issues my ID is the only party that can confirm my identity, so it, rather than a private corporation, should sign my cert, only after it verifies my identity in the same way it would if, for example, I were to testify in court.

If I want to associate a cert with a company, only the office that registered my company can provide meaningful assurance about the identity of my company.

The security of the system for propagating this assurance of the identity of an entity should not rely in any way on the authority of any entity, public or private.

Also, the assurances should be explicit. If someone confirms that I paid the utility bill for a given address, they should only say that they confirm that I did that, not that I live there.


Probably something like this: https://github.com/okTurtles/dnschain


it doesn't mean anything; just another parrot



