You are looking at a specific version 20130914:224639 of this paper.

Paper 2013/595

Enhanced certificate transparency (how Johnny could encrypt)

Mark D. Ryan

Abstract

The "certificate authority" model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend "certificate transparency", a proposal in this direction, so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using PKI with no requirement to trust certificate authorities, or to rely on complex peer-to-peer key-signing arrangements such as PGP. We believe this finally makes end-to-end encrypted email as usable as encrypted web browsing is today, addressing the concerns of a classic paper explaining the difficulties users face in encrypting emails ("Why Johnny can't encrypt", 1999). Underlying these ideas is a new attacker model appropriate for cloud computing, which we call "malicious-but-cautious".

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
public key certificates
Contact author(s)
m d ryan @ cs bham ac uk
History
2013-12-16: revised
2013-09-14: received
Short URL
https://ia.cr/2013/595
License
Creative Commons Attribution
CC BY