|
|
Like blockchain, CA was initially a method for promoting connected commerce. Christopher Allen, a senior developer who helped establish the first certificate authority, VeriSign, imagined a system that would include multiple CAs, allowing users to choose which one to trust.
However, as the system expanded, it became increasingly unlikely that everyday users would actively manage their trust in various CAs. Most users now rely on the default values of browsers, giving browser companies effective control over user trust, which has made them powerful players in the certificate industry. Allen said:
"These large browser companies have established a new center of power."
Current Risks
While "trust" is centralized, the number of CAs continues to grow. There are currently hundreds of certificate authorities worldwide, and if just one of them makes a mistake, it can undermine the entire system. The worst event to date was the bankruptcy of the Dutch certificate authority DigiNotar in 2011. DigiNotar was hacked, resulting in around 300,000 Iranian Gmail accounts being monitored, and it forced many Dutch government online services to temporarily shut down.
Since then, there have been dozens of incidents, such as CAs issuing unverified certificates, using non-compliant security, and even attempting to deceive browser companies. These incidents, although not as severe as DigiNotar's case, have prompted the industry to increase security standards multiple times since 2011. However, some people believe it's time to seek a long-term alternative to CAs.
In 2015, a whitepaper outlined one such alternative, presented at the "Rebooting Web of Trust" workshop organized by Christopher Allen. The paper set goals for establishing a decentralized public key infrastructure (DPKI) to replace the current centralized system. It stated:
"The goal of DPKI is to ensure... that no single third party can compromise the integrity and security of the entire system."
The current ownership of web domains is recorded in the Domain Name System (DNS), and keys are certified by CAs. "Rebooting Web of Trust" envisioned a secure namespace to replace the existing system, where domain registrations and keys for each domain would be recorded on a blockchain.
A New Namespace
The Ethereum Name System (ENS) is currently attempting to construct a similar secure namespace for the Ethereum community. This ENS initiative provides an opportunity for the public to understand the feasibility of this idea and the challenges involved.
Developer Alex Van de Sande explained that his team often uses the sandwich metaphor to describe ENS's design. The "bread" in the ENS sandwich consists of two simple contracts. One contract sets the rule that if someone owns a domain, they have the right to obtain subdomains. The other contract handles payments.
Like a sandwich, ENS's complexity is sandwiched in the middle, where contract designates the "name registration rules." ENS aims to avoid domain squatting issues, which were common during the early days of network domains.
They also aim for the "least astonishment principle," which means people should not be surprised by who owns a certain domain. For example, it should be quite obvious that Bank of America has the right to use the domain "bankofamerica.eth." However, Van de Sande points out that designing a system that truly adheres to this principle is extremely challenging, even impractical.
He added that ENS will consider the first year after the reboot (ENS has already conducted two beta tests on the Test Net) as an opportunity to learn how to improve registration rules. If the rules change, domain owners can choose to change their names or request a refund.
Van de Sande hopes that ENS becomes a model and leads to similar uses. He added:
"ENS reflects what we imagine the internet should look like, but it doesn't mean it will actually develop that way."
Blockstack's Model
Another way to decentralize the infrastructure behind secure online communication is to ensure users can verify the messages they receive, rather than trying to protect the connection between servers and users.
Engineer Jude Nelson, who participated in the "Rebooting Web of Trust" whitepaper work in 2015, said this is the goal of Blockstack, a New York-based startup.
The Blockstack system is currently in alpha, allowing users to record their unique names and keys on the Bitcoin blockchain and then find another user to verify the messages they receive.
Nelson said:
"We're trying to allow developers to build serverless, decentralized applications where users own their data without the need for passwords, and developers don't need to manage anything."
Someday, network encryption may no longer be needed.
Sovereign Identity and Its Challenges
These projects all reflect the same ultimate goal: reducing the presence of third parties and giving users more control.
Since 2015, Christopher Allen has been organizing the "Rebooting Web of Trust" workshop every six months, focusing on developing technologies that provide true sovereignty to users.
Today, the letters and numbers representing everyone's identities online are registered with third-party organizations, Allen said:
"You don't own it; you're just renting it, and you don't have true sovereignty."
At the same time, Allen sees many challenges ahead, one of which is usability. Most users rely on a program's default settings, and they're not ready to choose who to trust. So, a system that relies on technical |
|
Post time 1-11-2023 09:09:01