Achievement
'CAge: Taming Certificate Authorities' proceeding
Project
IGERT: Incentive-Centered Design for Information and Communication Systems
University
University of Michigan at Ann Arbor
(Ann Arbor, MI)
PI
Trainee Achievements
IGERT fellow James Kasten is the lead author of a refereed conference proceeding in Computer Science:
Kasten, J. D., Wustrow, E. A., & Halderman, J. A. (2013). CAge: Taming Certificate Authorities by Inferring Restricted Scopes. Proceedings of the Financial Cryptography and Data Security 2013 Conference, Okinawa, Japan.
The existing HTTPS public-key infrastructure (PKI) uses a coarse-grained trust model: either a certificate authority (CA) is trusted by browsers to vouch for the identity of any domain or it is not trusted at all. More than 1200 root and intermediate CAs can currently sign certificates for any domain and be trusted by popular browsers. This creates an excessively large attack surface, as highlighted by recent CA compromises. In this paper, we present CAge, a mechanism that browser makers can apply to drastically reduce the excessive trust placed in CAs without fundamentally altering the CA ecosystem or breaking existing practices.