Technology & Society Distinguished Speaker Series: Jean Camp on “Forgotten Promise, Current Peril, & Future Potential of the Internet Trust Architecture”
March 16, 2022
Please join us for the inaugural event in the Technology & Society Distinguished Speaker Series: Advancing Human Values in a Digital Age.
Jean Camp, from the Luddy School of Informatics, Computing, & Engineering at Indiana University, will give a talk titled “Forgotten Promise, Current Peril, & Future Potential of the Internet Trust Architecture” on Thursday, March 17, 2022 from 3:30 – 5:00 p.m. ET in Healy 103.
The Public Key Infrastructure (PKI) determines what code our computers install, the web sites we recognize as trustworthy, and what apps our phones will accept. The reliability of the PKI ecosystem depends on the trustworthiness of the Certificate Authorities (CAs), the code, the cryptography, and the selection of keys. It also depends on the governance structure and human factors. Who decides what roots of trust are shipped as part of browsers and phones, and in the future automobiles, toys, appliances, and airplane components? There are no currently explicit restrictions of jurisdiction for the certificate authorities. And all of these roots are trusted equally. Revocation practices, once certificates are found untrustworthy, are not consistent. These trust assumptions are socio-technical assumptions. The talk includes an overview of emerging standards, current state, and past practice in PKI. The challenges for a trustworthy PKI include governance aligned with the implications of trust on today’s network and human-centered risk communication as much as hardened code, robust keys, and cryptographic agility. All of these are intertwined in a complex, interdependent socio-technical system. I begin with the results of a survey of nontechnical web users, move through expert interviews, present the resulting failure modes, and then report on a comprehensive study of known public key incidents. Jean closes with the current challenges to PKI and as many open questions as possible solutions.