CA trust management for the Web PKI

Abstract

The steadily growing number of certification authorities (CAs) assigned to the Web Public Key Infrastructure (Web PKI) and trusted by current browsers imposes severe security issues. Apart from being impossible for relying entities to assess whom they actually trust, the current binary trust model implemented with the Web PKI makes each CA a single point of failure and creates an enormous attack surface. In this article, we present CA-TMS, a user-centric CA trust management system based on trust views. CA-TMS can be used by relying entities to individually reduce the attack surface. CA-TMS works by restricting the trust placed in CAs of the Web PKI to trusting in exactly those CAs actually required by a relying entity. This restriction is based on locally collected information and does not require the alteration of the existing Web PKI. CA-TMS is complemented by an optional reputation system that allows to utilize the knowledge of other entities while maintaining the minimal set of trusted CAs. Our evaluation of CA-TMS with real world data shows that an attack surface reduction by more than 95% is achievable.