The concept is quite simple. The implementation, a little more involved. Instead of requiring that a certificate is signed by a single trusted authority, require multiple independent trusted signatures.
Forgeries
If a browser requires that a certificate is signed by at least N trusted authorities (three maybe?), then getting forgeries signed suddenly becomes much more difficult. There is the problem that some states might be able to compel three different CAs under their own influence to sign a forged certificate. This could be addressed by requiring that a certificate is signed by authorities in different states. Rather than limiting this issue to "states", each CA could be assigned (in the browser) a list of entities under whose influence they fall. Each certificate would then have to be signed by a minimum of N authorities who don't have any overlapping influences.
Too big to fail?
If a browser requires a certificate to be signed by a minimum of three authorities, and people get their certificate signed by four or even five authorities, then no CA is "too big to fail" anymore. Browsers can remove even the largest CA from their trusted root list, and affected certificates will still have enough signatories to be trusted. If forged certificates are found in the wild that are signed by three different CAs, a temporary "influence" relationship could be created between the three CAs to specify that they have all been compromised by the same attacker.
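The disjoint-influence rule, the removal of a CA from the root list, and the temporary "influence" relationship described above can be sketched as a browser-side policy check. This is an added example, not code from the original post: the CA names, influence labels and function names are constructed, and each signature is assumed to have been verified cryptographically beforehand.

```python
from itertools import combinations

# Constructed sample data: which entities can influence each trusted CA.
INFLUENCES = {
    "CA-A": {"state-1"},
    "CA-B": {"state-1", "corp-X"},
    "CA-C": {"state-2"},
    "CA-D": {"state-3"},
    "CA-E": {"state-2", "corp-X"},
}

def disjoint_quorum(signers, influences, n=3):
    """Return n signers with pairwise-disjoint influences, or None.

    Signers missing from `influences` are not in the trusted root list and
    are skipped. Brute force is acceptable for a handful of signers.
    """
    trusted = sorted(s for s in set(signers) if s in influences)
    for combo in combinations(trusted, n):
        seen = set()
        for ca in combo:
            if seen & influences[ca]:
                break  # two CAs in this combination share an influence
            seen |= influences[ca]
        else:
            return combo
    return None

def distrust(influences, ca):
    """Copy the map with one CA removed from the trusted root list."""
    return {k: set(v) for k, v in influences.items() if k != ca}

def mark_jointly_compromised(influences, cas, label):
    """Copy the map, adding a temporary shared influence to every CA in `cas`."""
    updated = {ca: set(infl) for ca, infl in influences.items()}
    for ca in cas:
        if ca in updated:
            updated[ca].add(label)
    return updated

if __name__ == "__main__":
    five = ["CA-A", "CA-B", "CA-C", "CA-D", "CA-E"]
    print(disjoint_quorum(["CA-A", "CA-B", "CA-C"], INFLUENCES))  # shared state-1
    print(disjoint_quorum(five, distrust(INFLUENCES, "CA-A")))    # still trusted
    flagged = mark_jointly_compromised(INFLUENCES, ["CA-A", "CA-C", "CA-D"], "incident-1")
    print(disjoint_quorum(["CA-A", "CA-C", "CA-D"], flagged))     # forgery rejected
```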
Read more: Grepular