Abstract
Today’s TLS certificates are notoriously difficult to augment with new features or even new options under the existing set of features. As a result, the public key infrastructure is unable to quickly evolve to meet new threats, new deployment considerations, and new capabilities. We observe that, fundamentally, certificates are a series of logical constraints, limiting what a given principal is able to do. We sketch the design of assertion-carrying certificates: certificates that can carry a small amount of code that can dynamically add to these constraints. We present what we believe to be the ideal goals of such a language, and how our initial design in Prolog addresses them. We believe that this modest change to certificates could empower a far more evolvable certificate ecosystem.
Original language | English |
---|---|
Publication status | Unpublished - 2 Jun 2020 |
Event | Workshop on Foundations of Computer Security 2020 - Virtual, United States. Duration: 22 Jun 2020 → … |
Conference
Conference | Workshop on Foundations of Computer Security 2020 |
---|---|
Abbreviated title | FCS 2020 |
Country/Territory | United States |
City | Virtual |
Period | 22/06/20 → … |