An Opinionated Proposal to Improve Internet TLS Certificate Management: Burn It All Down

The current system of Internet TLS certificate management is, simply put, not fit for purpose -- and truly, never was. It's critical that we begin seriously talking about what will replace the present paradigm and how we achieve the goal of replacement -- because something must replace it, soon, or disaster looms.

In the first part of the presentation, we examine the major issues that currently exist, including:
- Issues created by using an artifact (X.509 certificates) intended for small centrally-administered networks, on a massive decentralized network
- Problems inherent in centralizing identity trust in a small number of ultimately-trusted issuing authorities
- Common but questionably-useful practices by the issuing authorities themselves
- False impressions given to users by how the system as a whole presents identity and security concepts
- Additional problems caused by practices intended to work around the above

In the second part, we propose a possible future -- one in which certificates and certificate authorities may continue to exist in a recognizable form, but operate as part of an entirely different model of trust and security. The implications of this shift for Internet identity authorities, software creators, and end users are examined and the overall benefits enumerated and explained.