Comment by pdonis
1 year ago
> The worse outcome in my view would be that we all end up being required to use big tech companies as gate keepers for our digital lives.
So your proposed solution is...to give my private data to big tech companies? Who else is going to manage the cryptographic certificates at scale?
The keys are on your device, it doesn't require management by a third-party.
How is anyone else going to know that the public key I hand them belongs to a person that satisfies whatever requirement they are checking? For example, if someone wants to verify my age, how do they know the public key I hand them belongs to a person that meets the age requirement?
Some third party is going to have to verify that that's true. Which means some third party is going to have to have access to my private data, to verify that my public key belongs to a person whose private data meets whatever requirements are being asked about. That third party will end up being a big tech company.
Your example about CAs is not relevant because CAs only need to verify that someone has control of a particular web endpoint. They don't need to verify the private information of whoever that person is. So the information they need is much less intrusive than the information a third party who is going to attest that public keys belong to people meeting things like age requirements would need to have. Yes, once a third party has attested to your age certificate, they aren't involved with how you use it--but that third party has to have a lot more private information about you to be able to make that attestation, than CAs currently have about website operators.
Do note that the reference here to CA is a conceptual reference, in other words it refers to a trusted entity who can verify certain bits of information (like your age or identity) then issue certificates for it, "trust anchor" is the lingo Certisfy uses for CAs.
Hostnames are what TLS certificate CAs such as DigiCert verify ownership of then issue certificates for; the same concept can be applied to any kind of information, including private information.
For instance a state DMV could choose to be a Certisfy "trust anchor"/CA and issue you a cryptographic certificate for your driver's license to be used for IRL identity anchoring.
So no, a "trust anchor"/CA need not be a big tech company, in fact if such a concept is deployed at scale a large class of entities can/should play the role of "CA", including people doing it as part of a business service.
There is zero chance that a legally mandated certificate scheme won't require centrally-managed certificates to prevent the underage from loading illegally shared keys onto their devices.
Certificates are not things that are centrally managed.
If you get a certificate from a CA (DigiCert, AWS,Google...etc), they hand you the certificate after necessary verification but otherwise have nothing to do with how you use (TLS traffic) it.
The same with something like age verification. Once you have a certificate that attests to your age (as of certificate issue date), the issuer has nothing to do with how you use it, the receiver of signatures generated from that certificate (via private key) can verify it without any interaction with issuer.
As for misuse, that's certainly a concern but it can be addressed via the issuing process. Certisfy does address this issue.
A fundamental requirement for making a certificate scheme work is that certificates are anchored to IRL identity via identity anchor certificates in a privacy preserving manner. You can read up on the approach here: https://cipheredtrust.com/doc/#pki-id-anchoring
6 replies →