The problem is difficult, and one of the reasons it's difficult — the main reason, I'd venture — is that it inherently runs contrary to the Bazaar model, whose success is based on the principle, «the more eyes, the fewer bugs».
Now of course, there are things that you legitimately cannot do in the open of the marketplace, such as what you say to your doctor, to your lawyer, or the password to your bank account. Similarly, the private key to any certificate must be held secret, for exactly the same reason that you do not distribute to any comer duplicates of the key to your bank vault. Certificate Authorities are there to give the process a semblance of respectability by having a trusted "authority" check that when you request an ID (a certificate) under a certain name, you are "who you say you are".
The problem with a company that professionally deals in secrecy is the tendency to try to keep everything secret, and sweep any failures under the rug in the hope that they won't be noticed. Of course, when they are noticed, the result is a catastrophic loss of trust which may even go, as looks quite likely in DigiNotar's case, as far as a total loss of business with the associated bankruptcy.
There is a need to separate what must be kept secret (the individual certificates) and what must never be kept secret (the procedures followed to ensure that certificates are delivered to the right people). This means that the certificate authorities have to be under constant watch, so that any break-in or any illegitimately delivered certificate shall be detected. But this brings us to the well-known Quis custodiet ipsos custodes? (Who shall watch the very watchmen?), as the Romans said.
The fact that the most valued certificates are only delivered at a high price by relatively few authorities regarded as top-notch may in itself constitute a risk of, as was mentioned above, an oligopolistic concentration of power into too few hands, with the concomitant risk that the auditors, being, as they conceivably could be, "players in the same elite game", fail to notice, when they happen, the very dubious actions, foul plays, and underhand fast-and-loose goings-on that they are there to prevent in the first place.
I don't have a solution, I'm not even sure that the problem admits any solution. But I would be happy if one could be found.
09.09.2011 00:38