Crockford also has an answer for SSL’s reliance on certificate authorities: a mutual authentication scheme based on public key cryptography. Details are scarce, but the idea depends on searching for and trusting the organization’s public key instead of trusting a specific CA to issue the certificates correctly.
Seif would feature cryptographic services based on ECC (Elliptic Curve Cryptography) 521, AES (Advanced Encryption Standard) 256 and SHA (Secure Hash Algorithm) 3-256. ECC 521 public keys would provide unique identifiers.
Seif would be implemented in browsers via a Helper application, akin to fitting older televisions with set-top boxes so that viewers can receive high-definition signals. Once the browser vendors integrate Seif, the Helper app won’t be necessary.
There are a lot of intriguing elements to Seif, but it is still in the early stages. The Node implementation, which would run the Seif session protocol, is currently in development. Even without knowing a lot of the details, it’s clear a proposal this ambitious requires the backing of heavy lifters before it can be presented to users.
For example, a major browser maker -- say, Mozilla -- would need to integrate the helper app, and a major website would have to require that all customers use the browser. Other sites and browsers would follow due to competitive pressures, but the question remains whether anyone with that kind of clout would climb aboard the Seif train.
Where we go from here
Trashing everything and starting all over again is not going to happen, so the only option is to make the current Internet harder to attack, Webb says. Instead of trying to fix everything at once, there should be smaller fixes to make it harder to misuse specific portions.
“When your house is on fire and you are waiting for the fire truck to come put water on the house, you save what you can, not walk off to look for a new house,” Webb says.
No one controls the whole Internet, and more important, there's a massive amount of built-in redundancy and resiliency. Fixing it is not a task for only one entity, but a multistakeholder approach involving individuals, corporations, and governments. The ISPs should take charge of fixing the underlying routing issues, but they aren’t the only ones responsible. There are issues with DNS, with how services deploy encryption, and with hardware devices used to connect to services, to name a few.