Add Decentralized Public Key Infrastructure.pdf
Found this paper interesting as it talks about the security challenges with the current Centralized Public Key Infrastructure (PKI) and sheds light on how a Decentralized PKI can help overcome these challenges.
On 09/03/2020 20:26, rgog wrote:
> Found this paper interesting as it talks about the security challenges with the current Centralized Public Key Infrastructure (PKI) and sheds light on how a Decentralized PKI can help overcome these challenges.
Well... maybe. But maybe not.
That'd need a proper reference really.
Aside from that - I'm unconvinced that'd be good enough to displace a PKI like the WebPKI. What makes you think it might?
S.
You can view, comment on, or merge this pull request online at:
https://github.com/sftcd/cs7053/pull/9
-- Commit Summary --
- Add Decentralized Public Key Infrastructure.pdf
-- File Changes --
A materials/Decentralized Public Key Infrastructure.pdf (0)
I think it might because, to maintain a secure connection, the keys are created and signed by the CAs. Web hosting companies manage the key creation themselves, which leads to an accumulation of keys at a single point (super bad). Anyone who has access to that repo can compromise the security of connections in a virtually undetectable way (DigiNotar messed up). The chances of MITM attacks increase. The paper also talks about usability issues with the WebPKI. They talked about studies where PGP communication failed and public key management was the primary issue. They also talked about the messaging system "TextSecure", which fails to handle a change in public key smoothly and can lead to a lapse in security. DPKI primarily focuses on blockchains (it can support other similar technologies). It follows a consensus-based approach where no single party can compromise the system's integrity. With this approach, a middleman would have to have enough computation power to attack everyone on the network at once. There is more detail in the paper.
I am not saying this is all we need to displace PKI with DPKI but I find the above argument valid. Do you see something wrong with it? Or perhaps, are there some other shortcomings which lead to DPKI having more cons than pros that make you apprehensive of this change?