Sovereign Keys Introduction
Secure communication over the internet depends almost exclusively on Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS). In order to understand the Electronic Frontier Foundation’s (EFF) Sovereign Keys proposal, we need to take a closer look at how public key cryptography works as well as the public key infrastructure (PKI) that is in place to manage the public/private keys that are relied on for TLS. After discussing public key cryptography and PKI, we will discuss current implementations of SSL/TLS and the numerous components therein: Domain Name System (DNS), Certificate Authorities (CA) and client/server implementation. Finally, we will discuss the primary weaknesses in the current implementation, the Sovereign Keys proposal and how it aims to remedy those weaknesses.
To begin, we need to understand public key cryptography, which is also known as asymmetric cryptography. In asymmetric cryptography there must exist two keys in which to provide for the desired cryptographic functions – namely the encryption/decryption of plaintext/ciphertext or the generation/validation of a digital signature. This differs from symmetric cryptography, which only utilizes a single key for desired cryptographic functions. The two keys utilized in asymmetric cryptography are commonly referred to as the public and private key. As the name implies, the public key is ultimately made public and utilized in encrypting plaintext and verifying digital signatures. Public keys are therefore made available to be public and not protected as a private key is. Private keys, on the other hand, are utilized to decrypt ciphertext (ciphertext is the result of running an encryption algorithm on plaintext) and to generate a digital signature. (“Introduction to Public-Key”, 2014)(“Public-key Cryptography”, 2014)