Deciphering Centralised CAs and Why Their Demise Should be a Goal
Encryption in transmission is good; but who controls the key exchange and certification/authentication/validation?
Certificate Authorities (CAs) leave people baffled, and they often ask what their meaning or purpose actually is. Simply put, it's a flawed model of security designed to centralise control under the guise of "security".
Dr. Andy Farnell has just published this article, which covers the relevant concepts.
"Encryption in transmission is good," as noted above, so why not a cabal (or cartel, a "ruder" word) of Certificate Authorities? Heck, why not just one Certificate Authority (CA)? Have just one universal one and be done with it?
See, the problem is that we're setting ourselves up for mass censorship (or worse), but it is disguised as "security", and even at that it fails miserably. Every malicious site can just request a free certificate or purchase one (there's always some company willing to sell it; easy money... just some random bytes).
As long as very many people use the Web, many people will also use Web browsers, and many of those will use the "Big Browsers", which means that avoiding Certificate Authorities altogether can become an accessibility problem (e.g. people unable to access what we publish).
So, anyway, we've established a presence (with complete parity) in Gemini Space and it is paying off. This is the top capsule at the moment.
Since we wrote about Certificate Authorities the day before yesterday, the number of capsules using Let's Encrypt has fallen some more:
Scroll down on this page. Let's Encrypt is down further today: "2632 (90.1 %) capsules are self-signed, 17 (0.6 %) use the Certificate Authority Let's Encrypt, 272 (9.3 %) are signed by another CA (may be not a trusted one)."
Gemini Space or Geminispace is 'phasing out' the curse of centralisation. Encryption is mandated; outsourcing is not. █