source: trunk/tls-centralization/index.html @ 241

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15">
<title>Technical Architecture shapes Social Structure</title>
<link rel="stylesheet" href="style.css" type="text/css" />
<link rel="shortcut icon" href="icon.png" type="image/png" >
<link rel="icon" href="icon.png" type="image/png" >
</head>

<body>
<h1>Technical Architecture shapes Social Structure:<br />an example from the real world</h1>

When you use the Internet, most of your communications rely on many
different computers co-operating with each other.  The computers
co-operate with each other because they have agreed beforehand on a
<term>protocol</term>.

<p>The protocols we use for communication shape not just the
communications themselves, but social and economic structures beyond
them.  In the USA, we have seen how choices in infrastructure can
shape social structure in the physical world. Our society builds
highways, malls, and suburban developments while neglecting its rail
lines, public spaces, and cities. In doing so, we <a
href="http://www.planning.org/APAStore/Search/Default.aspx?p=3333">discourage
civic interaction while facilitating pollution and dangerously
sedentary lifestyles</a>. This article shows how choices in digital
communications infrastructure can also have an effect on our social
fabric by focusing on one small example out of many.

<p>I'll discuss here a protocol in common use on the internet
today: <term>Transport Layer Security</term> (<term>TLS</term>) and
its precursor, the <term>Secure Sockets Layer</term>
(<term>SSL</term>).  These are used (among other places) in secure
World Wide Web connections.  <term>TLS</term>, as it is currently
implemented, fosters the concentration of power and money among
certain groups while hampering the public's ability to engage in
trust-worthy, secure communications.

<p>This is important because we still have an opportunity to choose
the tools and protocols we use.  By choosing our protocols, we can
help move toward a social order we prefer.  I'll present an existing
modification to <term>TLS</term> which I think can move our online
culture in a direction that is more democratically-engaged and less
authoritarian.

<p>TLS is only one small piece of the puzzle.  There are thousands of
protocols and tools in use on the Internet today, with a variety of
subtle societal effects.  We can choose the way we want to go, but we
can choose well only if we understand the issues!

<h2>Background and introduction</h2>

This article has a relatively narrow technical focus, but it's one
which most people reading probably encounter every week, when using
the <term>World Wide Web</term> (<term>www</term>).

<h3>What is HTTPS and why do we use it?</h3>

Most of your everyday use of the <term>www</term> consists of <a
href="http://www.ietf.org/rfc/rfc2616.txt"><term>HyperText Transfer
Protocol</term></a> (<term>HTTP</term>) connections.  This is the
<code>http://</code> you see at the beginning of many web addresses
(known as <term>Uniform Resource Locator</term>s, or
<term>URL</term>s).  An <term>HTTP</term> session consists of your web
browser sending a request to the remote web server, which is just
another computer connected to the internet.  Your request consists of
several things, potentially including: <ul><li>the full
<term>URL</term> of the page you are viewing,<li>identifying
information about your web browser,<li>small pieces of data called
<q>cookies</q>,<li>the contents of any form fields you might have
filled in.</ul> The web server replies to your request with its own
information, potentially including: <ul><li>information about the page
you requested,<li>identifying information about the web server
itself,<li>more <q>cookies</q>, <li>the contents of the page
requested.</ul>

These communications (in both directions) are all visible to any
computer along the way between your computer and the web server.  If
you included some information that you'd rather keep private (for
example, if you typed your bank account number in a field of a web
form), you might be upset that the intermediate machines can all
snoop!  Even worse, if your password is included in this information,
the snooper could then use that password to take actions that <em>only
you</em> should be allowed to take, such as updating your
organization's web page, transferring money, making travel
reservations, etc.

<p>So just using unencrypted, plain <term>HTTP</term> is dangerously
insecure!  If you are anonymously reporting unethical activity of your
employer, you do not want your employer (who controls the network you
are using) to see what you are doing, or to alter the contents of your
complaint as it is in transit.  If you are dealing with your bank, you
don't want the other machines on the network to be able to get
information about your accounts, much less to withdraw money from
them.  We need some sort of way to keep our communications private and
secure.

<p>This is exactly why we use <term>HTTPS</term>, the <q>secure</q>
version of <term>HTTP</term>.  This protocol can be identified by the
fact that the <term>URL</term> in your browser's address bar begins
with <code>https://</code>.  It is also often indicated by the little
lock icon in your browser. <captionedimage><img src="lock.png"
alt="image of lock in browser"/><br/><cap>The lock in my
browser</cap></captionedimage> <a
href="http://www.ietf.org/rfc/rfc2818.txt"><term>HTTPS</term></a> is
the same protocol as <term>HTTP</term>, but wrapped inside a layer of
strong encryption.  The encryption provides your communication with
two things: privacy and integrity.  Privacy means that computers other
than your own machine and the web server will see the communications
as a stream of gobbledy-gook, but your web browser and the web server
involved will be able to understand them.  Integrity means that both
parties can be certain that the information they receive is actually
the same information that was sent by the other party.

<p>This is a good thing, but some questions are still unanswered.  If
i'm using <term>HTTPS</term>, I can be reasonably sure that the only
parties who can decipher the communication are:<ul><li>myself <li>the
web server</ul> But who is the web server really?

<h3>How do we know who we're talking to?</h3>

Near the little <q>lock</q>, many modern browsers will show you the
name of the site you are connecting to.  The first thing is to make
sure that this is who you think it is.  If you are about to send
confidential information to your local credit union via their web page
(e.g. <code>lespeoples.org</code>), you should be sure that the name
near the lock is the name of your credit union.  If the machine you
are connecting to is something different
(e.g. <code>bigbadbank.com</code>), then all the cryptography in the
world won't help you keep your information private, because you are
sending it to the wrong folks!

<p> But if the name <em>does</em> match, there could still be
problems: some nasty group could be intercepting your communications,
and claiming to be the group you actually want to talk to.  This isn't
veering into paranoia here: the global network is very flexible; it
relies on wide-scale co-operation; and the malicious actors are often
tireless and conscienceless machines, not individual humans.

<p> So how does your browser know to show that lock, since anyone
could claim to be anyone else?  <captionedimage><img src="tooltip.png"
alt="image of lock in browser with tooltip showing certificate
authority"/><br/><cap>browser lock showing
tooltip</cap></captionedimage> Because during the initial claim of
identity, the web server presents a certificate which is
cryptographically signed by an <term>Certificate Authority</term>
(<term>CA</term>) who your browser already knows about and trusts.  On
some modern web browsers, if you hover your mouse over the
<q>lock</q>, a tool tip will pop up showing which <term>CA</term>
signed off on the certificate presented by the web server.  In the
image here, you can see that the authority who signed this certificate
is <q>Equifax</q>.

<h3>Who do you trust?</h3>

But wait a minute!  Who said that <q>Equifax</q> is an authority who
can verify that folks are who they say they are?  As any good
anarchist would ask, why should you trust this authority?  At the
moment, you trust them implicitly because your web browser comes
pre-configured to trust them.  Many modern browsers ship with 30 or
more of these <term>CA</term>s trusted <em>automatically</em>.  If any
one of these authorities is compromised or malicious, they could
create fake certificates with whatever name they want, which means
that, with only a few other small modifications, they could intercept
(and tamper with) communications you intend to be private and
untamperable.

<p>Who are these authorities?  Why are they included by default in our
web browsers?  Do they really do a good job in verifying identities
before signing certificates?  Do they have your best interests in
mind?  Do they share your political principles?  If they received an
unethical request from a corrupt governmental power or financial
sponsor, would they comply, or would they resist?

<p>I don't have the answers to these questions about any particular
<term>CA</term>.  But I think that the current technical
infrastructure gives them incentives to behave in untrustworthy ways.
We have very little reason to think that these <term>CA</term>s have
the average web user (or server administrator) in mind when they
decide policy, which makes our implicit trust in them all the more
unjustified.

<h2>Relevant Architecture Components</h2>

What is it about the architecture of the Web that encourages this
insecurity and lack of integrity?  This requires a basic understanding
of the underlying protocols used to create secure web connections.
The Internet is a collection of co-operating machines, all passing
messages to each other in various forms.  Viewed from another angle,
the Internet is also a collection of interacting protocols, which fit
together in certain ways.

<h3>TLS</h3>

<p><term>HTTPS</term> is, at its root, <term>HTTP</term> (the common
protocol by which web browsers talk to web servers) tunneled through
<a href="http://www.ietf.org/rfc/rfc4346.txt"><term>Transport Layer
Security</term></a>, or <term>TLS</term>.  <term>TLS</term> itself
grew out of the <term>Secure Sockets Layer</term>, or
<term>SSL</term>.  <term>TLS</term> and <term>SSL</term> are generic
protocols which define methods for encrypting a potentially lengthy
bidirectional communications session.  We call the side of the
communications session that waits and listens for new connections the
<term>server</term>, and the side that actively initiates connections
the <term>client</term>.  In the case of <term>HTTPS</term>, your web
browser acts as a <term>TLS</term> <term>client</term>.

<p><term>TLS</term> (like many session-based protocols) begins with a
<q>handshake</q>, which is used by the <term>client</term> and
<term>server</term> to establish their shared assumptions.  You can
think of this as two complete strangers on a phone call: they run
through the languages they speak, in an attempt to find a common
language in which they can communicate.

<p>Assuming both <term>client</term> and <term>server</term> find that
each other <q>speaks</q> some common form of <term>TLS</term>, the
handshake continues with the <term>server</term> offering the client a
<em>single</em> certificate asserting the <term>server</term>'s
identity.

<h3>X.509 v3 certificates</h3>


<p>The certificate presented is a combination of a cryptographic
<term>public key</term> with an identifying name of the <q>subject</q>
(typically the name of the server), where the combination of these two
things is signed by a <term>Certificate Authority</term>.  The
signature is a statement by the <term>Certificate Authority</term>
that the <term>public key</term> shown does in fact belong to the
subject.

<p>You can think of these three parts of the certificate as a state
driver's license.  The certificate's <q>public key</q> is sort of like
the driver's license ID number.  The certificate's <q>subject</q> is
the driver's name, photo, and other identifying characteristics.  The
certificate's <q>signature</q> is like the hologram on a state
driver's license.  The <acronym title="Department of Motor
Vehicles">DMV</acronym> plays the role of the <term>Certificate
Authority</term>.  Only the DMV can make that hologram, and by
applying it over the ID number and the statistics, the DMV is saying
that this particular driver has this particular ID number.  The
specific format of the certificate used in <term>TLS</term> is not a
driver's license, of course.  It is specified by the
<term>X.509</term> standard.

<p><a
href="http://www.ietf.org/rfc/rfc3280.txt"><term>X.509</term></a>
covers a lot of different things, but for the purposes of this
discussion, we're only interested in how it specifies the certificates
used in <term>TLS</term>.  In particular, I want to focus on two
things: how the web server is identified, and how the signature is
attached to the identity/public key combination.

<p>The server is identified by a long string of which only the bit
after the last <code>CN=</code> is really inspected by your web
browser.  Here's an example subject from a real-world certificate:

<pre>/O=secure.mayfirst.org/OU=Domain Validated/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/CN=secure.mayfirst.org</pre>

<p>The identity of the signer (aka the <term>issuer</term>) is also
present in the certificate, and a <em>single</em> signature is allowed
within the certificate.

<p>Your browser (or other <term>TLS</term>-capable client) takes the
certificate, looks through its list of trusted <term>certificate
authorities</term> for the signer.  If it doesn't see the signer in
that list, it treats the certificate as invalid.  If the signer is
present in the list of trusted <term>CA</term>s, your client uses
information it already has about the signer to verify that the
signature is in fact legitimate.

<p>There's an extra step that can be thrown in here sometimes called
<q>certificate chaining</q>, where the server presents not only its own
certificate, but also the certificate of its <term>issuer</term>,
where the assumption is that the <term>issuer</term>'s own certificate
is signed by a <term>CA</term> that the client already trusts.

<p>But however the trust is followed, we end with one conclusion: the
client must already know of and trust the ultimate signer of the
certificate, and there can only be one ultimate signer for any
certificate.  If the client doesn't know of and trust that signer,
they are merely guessing that the machine on the other end of the
connection is the intended machine.


<h2>Concentration of Power, Financial Incentives, and Trust</h2>

<p>So again, the question is: who are these <term>Certificate
Authorities</term>?  What is their background?  Who operates them?
What are their political convictions?

<h3>How does a typical certificate authority stay afloat?</h3>

The biggest <term>Certificate Authority</term> today at the beginning
of 2007 is <a href="http://verisign.com/">VeriSign</a>.  With their
purchase of <a href="http://thawte.com/">Thawte</a> in 1999 and of of
<a href="http://geotrust.com/">GeoTrust</a> in 2006, they are by far
the largest issuer of certificates to the general public (over 70% in
aggregate, according to <a
href="http://news.netcraft.com/archives/2006/05/17/verisign_to_buy_geotrust_combining_top_ssl_providers.html">Netcraft</a>).

<p>Verisign has a lot of other businesses, but it makes its
<term>CA</term> money by selling certification to the entities
requesting it.  That is, if you decide to set up a new web site on a
server named <code>example.com</code>, and you want to provide secured
web access via <code>https://example.com/</code>, you might begin by
paying VeriSign for a certificate that identifies your server as
<code>example.com</code>.  Why should VeriSign certify you with this
name?  For one thing, because you're paying them to do so.  But their
responsibility as a <term>CA</term> should include more rigorous
checking.  And they do so &mdash; but just a little bit more &mdash;
often relying on the <code>example.com</code> DNS and e-mail (both
forgeable systems) to be configured properly and securely.

<p>At any rate, the <em>site operator</em> is the one who foots the
bill for the certificate, and the <term>CA</term> has little
disincentive to turn down certification, since it would presumably
mean they'd lose paying customers.  If the <term>CA</term> were to
engage in massive, wide-scale illegitimate certification, there's a
possibility that browser vendors would drop them as a trusted root
<term>CA</term>, but it would probably take a really large scandal,
and it would likely take months (at least) for browser vendors to
actively drop trust for the <term>CA</term>.  This has never been
done, as far as I know.

<h3>Who can be a <term>Certificate Authority</term>?</h3>

The kicker in all of this is that Verisign and the other commercial
<term>Certificate Authorities</term> aren't using any expensive
hardware or software to issue certificates.  Free tools like <a
href="http://openssl.org/">OpenSSL</a> or <a
href="http://www.gnu.org/software/gnutls/">GnuTLS</a> form the
technical basis of most <term>CA</term>s, and there are free graphical
frontends (like <a href="http://tinyca.sm-zone.net/">TinyCA</a>) which
make running a <term>Certificate Authority</term> a relatively simple
task.  These tools can be run on bottom-of-the-barrel hardware, and
being a <term>CA</term> doesn't even require a heavy-duty connection
to the Internet.

<p>So if anyone can technically be a <term>CA</term>, how come people
aren't doing it?  For one thing, doing legitimate verification of
identities is actually significant work.  But the verification done by
most <term>CA</term>s (including VeriSign) doesn't come close to this
level of work, so that shouldn't be holding people back.  It turns out
the architecture of <term>TLS</term> itself discourages diversity.

<h3>Why does the architecture encourage concentration?</h3>

Remember that a <term>TLS</term> (<term>HTTPS</term>) server can only
offer a single certificate.  For hassle-free, secure connections, the
signer of that certificate must already be trusted by the client (web
browser).  As a site administrator, you need to decide who is going to
sign your certificate.  Most browsers out there already <q>trust</q>
the big corporate <term>CA</term>s.  If a new independent
<term>CA</term> were to spring up, it won't be trusted by any of the
browsers, which means connections using a certificate from the new
<term>CA</term> would likely cause errors for your site's visitors.
Since you can only choose one, you probably will go with the existing
goliath, even if you feel no political affinity with them, and even if
you resent paying money for their signature which could have been
better used elsewhere.

<p>As an individual who uses the web, your browser already
<q>trusts</q> the big corporate CAs.  Most of the web sites you visit
are probably run by admnistrators who have made the tradeoff above.
Why should you ask your browser to trust a new <term>CA</term>, even
if it's one you personally actually trust more?  It can be a hassle to
maintain a list of trusted authorities, and it seems especially
fruitless when the new authority you've added isn't actually used by
any site that you visit.  So why bother?  And you're certainly not
going to tell your browser to stop <q>trusting</q> the big corporate
<term>CA</term>s, because nearly every site you visit has certificates
issued by one of them.

<p>What's worse, to make any change in the situation at all, there
would need to be a massive break.  The day that a site offers a new
certificate signed by a new authority, <em>every one of its
visitors</em> will see that cert, and will get errors if they don't
already trust the new authority.  The site administrator is pretty
much guaranteed to cause problems for hir visitors by switching away
from the mega-<term>CA</term>s.

<p>This seems like a no-win situation, but there are ways out.

<h2>Alternate Architectures</h2>

The <term>TLS</term> architecture is the cause of this concentration
of power, and changes to the architecture can permit or even encourage
its dissolution.

<h3>What could change the incentives?</h3>

As usual, we need to follow the money.  One of the reasons the big
<term>CA</term>s have little reason to provide real security via
heavy-duty verification before certification is because they lack
significant competition.  Making it easier to start and run a separate
<term>Certificate Authority</term>, while actually encouraging its
adoption would be a good thing.

<p>If we were to modify the <term>TLS</term> protocol so that a server
could offer multiple certificates at once, that would make it much
easier to do a smooth transtion away from un-trustworthy big
<term>CA</term>s, because sites and users would no longer need the
massive, disruptive transition that switching certificates would
entail.  One year, a web site could offer certificates from Verisign
and a new, politically-active <term>CA</term>, while explaining to
their users the reason for switching away, and then the next year, the
site could drop the VeriSign certificate entirely.

<p>An analogous change would be to enable multiple signatures on a
single certificate.  Recall that a single <term>X.509</term>
certificate contains a public key, a subject, and a signature binding
the two together from a <term>CA</term>.  There's no reason (in
principle) that we couldn't declare a certificate as a public key, a
subject, and a <em>set of signatures</em>, each from a different
<term>CA</term>.  It turns out that there is a proposal for this kind
of alternate, multi-signature certificate (using the
<term>OpenPGP</term> standard), which i'll talk about later.

<p>But why should you trust a lot of small <term>CA</term>s more than
a handful of big ones?  The answer is that you wouldn't (and
shouldn't) trust all the small <term>CA</term>s.  You might trust a
handful of smaller <term>CA</term>s, who you have a personal
relationship with.  Or you could spread your trust out over a wider
range, deciding that you don't give full trust to any single
<term>CA</term>.  Instead, you could require certification by any 3 of
the 20 <term>CA</term>s that you trust marginally.  Although CA might
be compromised, but it would be a harder job to infiltrate 3 of them.

<p>If <term>CA</term>s are able to really compete on trustworthiness
(which they can't right now because of the architecture), you could
simply dismiss the <term>CA</term>s who are known to do a terrible job
of verification, or who you don't trust for other reasons.  For
example why should you trust the <term>Certificate Authority</term>
run by an oppressive government?

<p>Once it becomes easier to phase in trust of new, alternative
<term>Certificate Authorities</term>, we need to think about which
ones technologically-aware activists would want to support.  I suggest
that a full change in the funding model is needed.  Instead of being
paid for by the site owner, a new-model <term>Certificate
Authority</term> could operate independently, funded by its members
who, by joining, help shape policy about what sort of verification
should be required to grant a certificate.

<p>With the ability to have multiple signatures, there's nothing
stopping individuals from acting as their own <term>CA</term>s as
well.  Do you run your own web site?  Certify it!  Does your
organization have a web site?  You and your colleagues could each
certify it.  This sort of decentralization is healthy, fosters
community networks, and can cut out the big corporate middlemen.

<h3>What else exists?</h3>

<h4><term>EV</term> Certificates</h4> The big corporate middlemen don't
want to be cut out, of course.  A plan is afoot from some of the
larger <term>CA</term>s called <a
href="http://www.cabforum.org/certificates.html"><term>Extended
Validation</term> (<term>EV</term>) Certificates</a>.  From what I
can tell, this is simply the big <term>CA</term>s offering to actually
do a serious level of identity verification &mdash; what they should
have been doing all along!  The bills for an <term>EV</term> cert,
likely even heftier than usual, will probably continue to be paid by
the sites requesting the certificates.

<p>This does nothing to change the financial dynamics that make the
system currently so untrustworthy.  But it does relegate sites who
can't pay the new larger fees to a second-class level of
<q>security</q>, and it minimizes the number of entities considered
officially capable of being an <term>EV</term>-cert-granting
<term>CA</term>, further consolidating the power of the few at the
top.

<h4>CACert.org</h4>

Another interesting player is <a href="http://cacert.org">CACert</a>.
This is a group that has set up to operate in the fashion of a typical
certificate authority, but has set up <a
href="http://wiki.cacert.org/wiki/FAQ/AssuranceIntroduction">a
sophisticated, clear system</a> explaining what it will take for them
to grant you certification, based strictly on a network of trust built
among their membership.  This is a pretty good model, but it's a shame
that they're the only one implementing anything like it.  There should
be multiple organizations with comparable models to this, so that each
user could make hir own decisions about who they actually trust.

<p>Another downside to CACert is the fact that their certificates are
<em>still issued only by one agency</em> &mdash; the CACert
<term>CA</term>.  Even though they explicitly say they will only grant
certificates according to their model, if their infrastructure is
somehow compromised, it's possible for an attacker (or malicious
employee) to issue certificates as CACert without following their
published protocol.

<h3>Don't throw out the baby with the bathwater</h3>

All of this might seem more complicated than it needs to be; it's
worth asking whether we need any of this at all.  I want to make it
clear that <em>we do need secure communications</em>.  As activists,
politically-outspoken workers, anti-authoritarians, or simply people
who want to preserve our right to dissent, we need to be able to
communicate to each other without eavesdropping or &mdash; worse
&mdash; interference or impersonation.  As members of a capitalist
society, we are also purchasers and vendors of goods and services, and
monetary donors and recipients.  We need those transactions to be
handled safely, so that we don't have our financial backing usurped.

<p>More than just needing secure communications, we need secure
communications without faceless, unaccountable, politically-fickle,
mercenary gatekeepers.  We need to take control of our own
communications by taking responsibility for them.

<h2>Moving forward</h2>

So where can we go from here on the specific problem of the stunted
<term>TLS</term> architecture?

<h3>An alternate architecture exists!</h3>

I mentioned earlier that there is an alternate proposal &mdash; <a
href="http://www.ietf.org/internet-drafts/draft-ietf-tls-openpgp-keys-11.txt"><term>OpenPGP</term>
Certificates instead of <term>X.509</term> certificates</a> &mdash;
which allows multiple signatures per certificate.  The proposal is
designed to be implementable in parallel with existing
<term>X.509</term> certificates.  However, it is not widely
implemented or adopted yet.

<p>Most programs which use <term>TLS</term> do not actually implement
their TLS functionality directly.  Instead, they make use of software
<term>libraries</term>, which are collections of code that can be used
by many programs.

<p>At least one TLS library exists which can use OpenPGP certificates:
the free <a href="http://www.gnu.org/software/gnutls/">GnuTLS
library</a> has supported <term>OpenPGP</term> certificates in
addition to <term>X.509</term> certificates since at least the end of
2003.  Tools (like web browsers) which use the GnuTLS library
basically can get this extra feature without any extra work.

<p>However, the <a href="http://openssl.org/">OpenSSL library</a> is
by far the most widely-used free library, and it only includes support
for <term>X.509</term> certificates.  Some developers <a
href="http://www.mail-archive.com/openssl-dev@openssl.org/msg21728.html">are
discussing adding OpenPGP support for OpenSSL</a>, but it's doubtful
that anything will be ready in the near future.  Tools which
use OpenSSL are going to take a while to migrate to this new
architecture.

<p>So what needs to happen?  Web browsers (and other TLS-enabled
clients) need to start working with the new architecture.  Web servers
(and other TLS-enabled servers) need to start working with it as well.

<p>One of the reasons to focus on Free Software (as covered by Amanda
Hickman elsewhere in this book) is that we have an opportunity to
contribute changes that we want to see.  The big proprietary software
makers may not share our agendas, or may actually be antagonistic.

<h3>Web Browser Buy-in</h3>

<a href="http://mozilla.com/firefox/">Mozilla Firefox</a> is probably
the widest-distributed Free Browser today.  In my version of it on my
<a href="http://debian.org/">debian</a> operating system, it actually
already uses the GnuTLS library, but I haven't reviewed the sources to
see how it gets used (it could be used for library features unrelated
to certificate verification).  Furthermore, there is no clear way
through the Firefox graphical interface to manage OpenPGP
<term>CA</term>s, the way there is to manage <term>X.509</term>
<term>CA</term>s.  So that needs work.  Firefox is also the basis for
the proprietary Netscape browser, so any fix to Firefox could have an
effect there.  Many other Free browsers also derive from Firefox, so a
fix here would be a big win.

<p><a href="http://www.konqueror.org/">Konqueror</a> is another
leading Free browser with an effect on other tools (Macintosh's <a
href="http://www.apple.com/safari/">Safari</a> is based on Konqueror).
It seems to use an SSL wrapper library (<tt>kssl</tt>) to talk to
other libraries, but it appears to use OpenSSL exclusively at the
moment.  A fix to <tt>kssl</tt> to allow it to talk to GnuTLS would
actually enable OpenPGP certificates for all the software in the <a
href="http://kde.org/">KDE</a> suite.

<p>Finally, a couple of text-mode browsers, <a
href="http://elinks.or.cz/"><tt>elinks</tt></a> and the venerable <a
href="http://lynx.browser.org/"><tt>lynx</tt></a> appear to use the
GnuTLS library these days.

<h3>Web Server Buy-in</h3>

<a href="http://httpd.apache.org//"><tt>apache</tt></a> is the
flagship Free web server.  While the standard way to make apache work
with <term>TLS</term> is the OpenSSL libraries via <a
href="http://www.modssl.org/"><tt>mod_ssl</tt></a>, a new module
called <a
href="http://www.outoforder.cc/projects/apache/mod_gnutls/"><tt>mod_gnutls</tt></a>
aims to make <tt>apache</tt> work with GnuTLS.  However,
<tt>mod_gnutls</tt> is still in its infancy, and is not clear if it is
able to support OpenPGP keys or not.

<p>Other web servers operate behind separate processes which handle
all the <term>TLS</term> wrapping.  These servers should be more
easily switched to a library which supports <term>OpenPGP</term>.  And
<tt>gnutls-serv</tt> appears to offer itself as a rudimentary web
server as well, if you needed a server to test browsers.

<h3>Next Steps</h3>

<p>What can you do, yourself?  Depending on how you use computers,
there are different things you might want to do.  If some of them seem
confusing or you aren't sure how to start them, ask for help!  There
are web forums, mailing lists, and user groups filled with people who
are interested in helping out.

<dl>

<dt>All users</dt><dd>If you are a typical computer user these days,
using standard tools, you can't switch to this new architecture all by
yourself yet.  But you can prepare yourself for a move to a more open,
secure architecture in a number of ways: <ul><li>Adopt free software,
which are the most likely tools to move to this new architecture
first.  Start with your web browser: If you are not using Mozilla
Firefox, Konqueror, or some other free browser as your primary web
browser, try to make the switch.<li>Learn about encryption by setting
yourself up with some tools.  You can actually run GPG (an
implementation of the <term>OpenPGP</term> standard) freely on any
modern operating system. There are <a
href="http://enigmail.mozdev.org/">graphical front-ends</a> and <a
href="http://www.gnupg.org/gph/en/manual.html">tutorials</a< available
online which might help you get a feel for managing certificates,
signatures, and alternate authorities.<p>When using your web browser
with normal <term>HTTPS</term> connections, start checking who the
issuer is, and thinking about the chains of trust explicitly.</dd>

<dt>Webmaster</dt><dd>If you manage a website, and your site doesn't
use <term>HTTPS</term>, consider offering it as an option so that your
users can communicate with your site securely.  For technical reasons,
this will usually mean that you need your web site to have its own IP
address.  In the process of doing this, you'll also need to generate
an <term>X.509</term> certificate, as discussed here.  You can either
generate your own certificate (self-signed), get a commercial
<term>Certificate Authority</term> to sign one for you, or you could
ask for a cert from an alternate CA (such as CACert.org).  Ask your
system administrator if your web server is one of the few which
supports OpenPGP certificates.  If it does, generate and install one.
If you're not sure how to do any of these steps, ask for help!</dd>

<dt>System Administrator</dt><dd>If you maintain a web server which
offers <term>HTTPS</term>, consider offering support for
<term>OpenPGP</term> certificates.  If you administer an
<code>apache</code> server, you might want to experiment with
<code>mod_gnutls</code> where you would normally use
<code>mod_ssl</code>.</dd>

<dt>Programmer</dt><dd>If you can read or write code, consider digging
into one of the software packages above.  If you see features that
make sense but are not-yet ready for the public, test them and give
feedback.  If you see features that are needed but lacking, write up a
proposal and pass it by the primary maintainer of the software,
offering to implement it yourself if you think you can.</dd>

</dl>


<h3>Who will be the new authorities?</h3>

If we do shift to this new architecture, who will offer these
new-style certificates?  Initially, I imagine that VeriSign and any
other very big commercial <term>CA</term>s won't do it, because of the
threat to their business model.  But smaller <term>CA</term>s might be
convinced to offer this service as an add-on to their existing
business.  And now groups like <a
href="http://mayfirst.org/">MayFirst</a> can simply and easily sign on
as additional certifying agencies.

<p><a href="http://cacert.org/">CACert.org</a> already offers OpenPGP
signatures, so it could probably be used immediately as an initial
authority.

<p>And most importantly, everyone who is aware and interested in these
things can perform their own certifications, and publish them freely.

<h2>Back to the larger issue</h2>

This article goes into some technical detail on one particular corner
of technical infrastructure that we use regularly, and looks at ways
that architectural choices shape the social forces and structures
attached to the infrastructure.  But this is just one small corner.
Most technological protocols we adhere to have social ramifications
which are worthy of consideration.  The <term>Domain Name
System</term>, or <term>DNS</term> is another example: the US
government at the moment wields a heavy influence over its direction
because of some architectural choices, and the placement of a few key
servers.  This has international ramifications, and has actually
caused some political tension recently.

<p>The technical decisions made in the early days of e-mail (as
discussed in one of Jamie McClelland's articles in this book) continue
to shape our lives and our communication choices today, and new
extensions to the basic e-mail protocols will continue to have impacts
on how we can talk to each other.

<p>Technical choices about how we store the music and movies that we
make and listen to, documents and other data, all have social
ramifications and are worthy of inspection and political
consideration.  And if the consideration reveals that there is
technical work to be done to improve the social consequences, we need
to take that work on, and support others who have similar social goals
by adopting their work, even if it means occasional short-term
inconvenience or cost.

<p>If we make these social decisions in solidarity with each other,
together we can build towards an egalitarian, democratic,
non-hierarchical culture that spans the globe.  The alternative is a
fragmented society, where we are connected only to each other by the
mechanisms of financial and cultural control, subjected to the whims
of a small, powerful elite.  So let's get to work!


<hr>
<address></address>
<!-- hhmts start -->Last modified: Tue Feb 20 21:39:19 EST 2007 <!-- hhmts end -->
</body> </html>