Ross: OK, we've heard from previous talks about how TLS certificates are all or nothing. It's particularly annoying that if I trust a certificate because I want to read a website, then in many systems that certificate can now update my operating system. But I'm not talking so much about the technology as about the incentives, and certification is about as thoroughly broken as you can get because certification is a two-sided market, like payments and like operating systems. People don't decide to trust VeriSign or Comodo, we have to - because if you don't trust Comodo you can't book a flight with EasyJet. Why do people trust, why do merchants trust VeriSign and Comodo? Because they are reckoned too big to fail. Ever since DigiNotar got put to death, merchants have been rushing to the biggest two or three CAs because they reckon that will prevent them suffering something unpleasant. And we know that two-sided markets create an awful lot of security economics problems.