Authority Done Right
Decades ago, some brilliant mathematicians invented a kind of digital construction material that could solve all of our major problems with the use of the Internet. Done right, PKI can eliminate online fraud, phishing attacks, malware, identity theft, and on and on.
One of the things PKI calls for is a “certification authority.” Just like a public agency that signs things like birth certificates, passports and drivers’ licenses, the job of a CA is to provide legitimate authority to back up a claim. When you see “https://” in a Web address, a certification authority has signed a digital certificate attesting that the domain really belongs to the bank or other company whose name is on the site.
Or that’s the way it’s supposed to work – but PKI wasn’t done right. For one thing, many of those who deployed PKI ignored the meaning of the word “authority” in “certification authority.” Matt Blaze, one of the original PKI folks famously pointed out, “A commercial certification authority protects you from anyone whose money they refuse to take.”
Even if a commercial enterprise exhibits extraordinary integrity, it can be sold to someone who lacks such integrity. (Indeed, who is more likely to buy a business with an integrity asset than one that lacks an integrity asset?)
As a result of this casual treatment of the word “authority,” the certification industry has become a mess. Certification authorities have indeed been bought and sold. We have “resellers” who will issue you a certificate attesting that you own the domain of any large company. Trust has been eroded everywhere.
Like the city where you live, the City of Osmio cannot be bought and sold, because, like the city where you live, it’s owned by its residents. When you go to city hall, you know you’re dealing with duly constituted public authority.
And unlike a commercial enterprise that’s governed in secret by a closed board of directors, the City of Osmio, like most cities, is governed by its residents. You are welcome, and encouraged, to participate in the governance of the City of Osmio and its certification authorities.
Osmio’s duly constituted public authority is described and managed by the Public Authority Component of the Quiet Enjoyment Infrastructure.