conference logo

Playlist "ChaosWest @ 34c3"

Namecoin as a Decentralized Alternative to Certificate Authorities for TLS

JeremyRand

Certificate authorities suck, but the proposed replacements (e.g. DNSSEC/DANE) aren't so great either. We think Namecoin can help here, and the code is working and released! Certificate authorities (CA's) pose a serious threat to the TLS ecosystem. Unfortunately, the various proposed solutions (e.g. Convergence, DANE, HPKP, CAA, and CT) do not solve the underlying problem: the existence of trusted parties in the process of converting a domain name to a certificate acceptance policy. While it may be an improvement to reshuffle the trusted parties to have more trust agility (Convergence), a smaller set of fully trusted parties (DANE), a more limited window of opportunity for attackers (HPKP and CT) or more accountability after-the-fact (HPKP, CAA, and CT), we think it's time to solve the underlying problem. Namecoin introduces the ability to do exactly that: if you know a Namecoin domain name, you can find out which TLS certificates are valid for it, with a threat model and codebase nearly identical to the battle-hardened Bitcoin. In addition, we figured out how to make this work in the real world of uncooperative web browsers: Namecoin TLS certificate validation works with Chromium on Windows, without the high attack surface of intercepting proxies or the cookie leakage of browser extension API's.