SSL without CAs?
by ZetaGecko | Add Your Comments | Internet, Server Administration
The following, excepted from Yahoo!'s FAQ about DomainKeys, their proposal for authenticated email, points to a possible implementation of SSL (a.k.a. HTTPS or secure HTTP) which wouldn't require a CA, which would make setting up a secure server free, rather than requiring anywhere form $50 to hundreds of dollars per year:
Does DomainKeys require signing of the public key by a Certificate Authority (CA)?
DomainKeys does not require a CA. Much like a trusted Notary Public, Certificate Authorities are used in public/private key systems to sign, or "endorse," public keys so that the external users of public keys can know that the public keys they receive are truly owned by the people who sent them. Since DomainKeys leverages DNS as the public key distribution system, and since only a domain owner can publish to their DNS, external users of DomainKeys know that the public key they pull is truly for that domain. The CA is not needed to verify the owner of the public key - the presence in that domain's DNS is the verification. However, it is possible that Certificate Authorities may become a valuable addition to the DomainKeys solution to add an even greater level of security and trust.
Two points worth noting:
1) You can already make your own SSL certificates for free. The problem is that web browsers will display an alert to the user if your certificate hasn't been signed by a CA that it recognizes. Many users think that the alert means that the site isn't really secure.
2) CA's do provide some value other than simply verifying that a certificate really belongs to the site it claims to belong to. They generally provide some level of assurance that the company to whom the certificate was issued is a legitimate company.
If an SSL certificate system is implemented using DNS to deliver a public key, the user should be given the option of being alerted when a certificate signed this way is presented to them. Perhaps these alerts should even be displayed by default. But considering that a security solution is possible that doesn't require payments to certificate authorities, there's no reason that users and server operators shouldn't be given the opportunity to select such a solution if it suits their preferences.