Proxy Certificates: The Missing Link in the Web's Chain of Trust
The ability to quickly revoke a compromised key is critical to the security of a public-key infrastructure. Regrettably, most certificate revocation schemes suffer from latency, availability, or privacy issues. The problem is exacerbated by the lack of a native delegation mechanism in TLS, which increasingly leads domain owners to engage in dangerous practices such as sharing their private keys with third parties. We investigate the utility of "proxy certificates" to address long-standing revocation and delegation shortcomings in the web PKI. By issuing proxy certificates, entities holding a regular (non-CA) certificate can grant all or a subset of their privileges to other entities. This fine-grained control on delegating privileges requires no further actions from a CA, yet does not require trust on first use (TOFU). The lifetime of a proxy certificate can be made almost arbitrarily short to curb the consequences of a key compromise. We analyze the benefits of this approach in comparison to alternatives, discussing various use cases and technical implications. We also show that combining short-lived proxy certificates with other schemes constitutes an attractive solution to several pressing problems. Overall, we make the case that the benefits obtained from incorporating proxy certificates into the current PKI substantially outweighs the changes required in practice. Such changes are minimal, and would only be required on the browser end, should a domain owner opt to use proxy certificates.
READ FULL TEXT