The WebPKI is the infrastructure that is used to enable the TLS protocol used to secure the Web. It is the worlds largest and successful open PKI infrastructure and perhaps not surprisingly the most controversial.

It is of course always much easier to point out where the designers 'went wrong' than to propose an alternative system that would meet the same needs. And often the real criticism is that the WebPKI was built to meet a different set of needs to the ones they thought it should have delivered. And especially so when those 'needs' actually represent certain ideological commitments rather than an attempt to serve the best interests of Web users.

In this paper, I look at the original use cases that the WebPKI was designed to support, how these have changed with time and propose a new architecture designed to support those changing needs.

The WebPKI is not designed to enable encryption

Probably the biggest misconception of the purpose of the WebPKI is that it exists to enable encrypted communications. It does not. The purpose of the WebPKI is to enable Web users to protect themselves. Encryption is a means, not an end and in the original design it was a means to support the end we cared about least.

In computer security we talk about C.I.A. :

Confidentiality
Keeping secrets secret, preventing disclosure.
Integrity
Establishing the authenticity of the information and preventing disclosure.
Availability
Protecting information assets against loss.

Integrity isn't the type of concern that we see in spy movies but in the real world of security it is almost always more important than confidentiality. The exception that proves the rule being protection of passwords and credit card numbers. We don't use encryption because people's passwords are interesting in themselves, the reason encryption is used is because disclosure of a password enables an integrity or availability attack.

Protecting availability is often even more important than integrity as the recent insurgence of cryptolocker malware proves. People will pay off the criminals because those pictures of the children when they were five are much more valuable to them than actual cash.

In general, if you care about keeping data private, you care even more about preventing it being corrupted and care most of all about the possibility of it being lost forever.

Consider your bank account. You would probably be very angry if your bank gave your statement to an attacker but angrier still if they allowed the attacker to make a withdrawal. But consider for a moment what would happen to the country if a middling sized bank suffered some catastrophic computer malfunction that destroyed all the account records and the backups. It would be more than just a disaster for the account holders, it is the type of event that could cause an international fiscal crisis. That wealth would have effectively vanished overnight.

The WebPKI was originally designed to make online commerce possible

The original design brief for SSL and the WebPKI was considerably narrower than allowing all Web users protect themselves from a range of threats. As far as Netscape was concerned, the goal was to enable the company to sell the Web 'commerce server' they were developing at the time to what was becoming known as 'electronic retail' or e-tail for short. This in turn required a number of security assurances to be made:

  • To the credit card associations to convince them that the risk to card issuers and acquirers (i.e. the banks) would be comparable to the risk they faced in existing mail order transactions.
  • To the customers to convince them that it was safe to buy goods from a then unknown set of e-tail merchants using a then unfamiliar technology.

The last requirement posed the real difficulty which was somewhat ironic as the card holder is and was protected in credit card transactions under the banking regulations in virtually every part of the world. And the reason that the banks could afford to guarantee to 'make the customer whole' should a dispute arise was that every transaction carries insurance. It was in any case the merchant that bore fraud losses in the case of MOTO (Mail Order Telephone Order) transactions, if that is, the merchant could be found.

Early Web customers had two chief concerns:

  • That an attacker might intercept an Internet communication to find out their card details and use them to make fraudulent transactions.
  • That the merchant might deliver the wrong goods or no goods at all.

Again, it was the second concern that presented the real issues. A perennial problem for the banks was the fraudulent merchant who would rent a store front, transact business honestly for just long enough to establish a credit rating, then suddenly disappear leaving a trail of unpaid bills and mail order customers waiting for their orders to arrive.

Today, Amazon is the worlds biggest retail brand known in practically every part of the world the Internet reaches. In 1995, it was virtually unknown outside the small community of Web developers. And people who did know it had little reason to be confident that a company that had only been formed the year before would really deliver. One of the reasons that Amazon started by selling books rather than the much more expensive consumer electronics that make up its largest category of products today is that early Web pioneers were much more willing to risk buying a book for $20 that might not arrive than a television set or a computer.

Accountability and Work Factor

The Modern WebPKI exists to allow Web users to protect themselves.