Abstract
Today’s TLS certificates are notoriously difficult to
augment with new features or even new options under the existing
set of features. As a result, the public key infrastructure is unable
to quickly evolve to meet new threats, new deployment consid-
erations, and new capabilities. We observe that, fundamentally,
certificates are a series of logical constraints, limiting what a
given principal is able to do. We sketch the design of assertion-
carrying certificates: certificates that can carry a small amount of
code that can dynamically add to these constraints. We present
what we believe to be the ideal goals of such a language, and
how our initial design in Prolog addresses them. We believe that
this modest change to certificates could empower a far more
evolvable certificate ecosystem.
augment with new features or even new options under the existing
set of features. As a result, the public key infrastructure is unable
to quickly evolve to meet new threats, new deployment consid-
erations, and new capabilities. We observe that, fundamentally,
certificates are a series of logical constraints, limiting what a
given principal is able to do. We sketch the design of assertion-
carrying certificates: certificates that can carry a small amount of
code that can dynamically add to these constraints. We present
what we believe to be the ideal goals of such a language, and
how our initial design in Prolog addresses them. We believe that
this modest change to certificates could empower a far more
evolvable certificate ecosystem.
| Originalsprache | englisch |
|---|---|
| Publikationsstatus | Unveröffentlicht - 2 Juni 2020 |
| Veranstaltung | Workshop on Foundations of Computer Security 2020 - virtuell, USA / Vereinigte Staaten Dauer: 22 Juni 2020 → … |
Konferenz
| Konferenz | Workshop on Foundations of Computer Security 2020 |
|---|---|
| Kurztitel | FCS 2020 |
| Land/Gebiet | USA / Vereinigte Staaten |
| Ort | virtuell |
| Zeitraum | 22/06/20 → … |