dc.contributor.advisor | David D. Clark and Daniel J. Weitzner. | en_US |
dc.contributor.author | Specter, Michael Alan | en_US |
dc.contributor.other | Technology and Policy Program. | en_US |
dc.date.accessioned | 2016-08-26T14:39:45Z | |
dc.date.available | 2016-08-26T14:39:45Z | |
dc.date.copyright | 2016 | en_US |
dc.date.issued | 2016 | en_US |
dc.identifier.uri | http://hdl.handle.net/1721.1/104028 | |
dc.description | Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, Institute for Data, Systems, and Society, Technology and Policy Program, 2016. | en_US |
dc.description | Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016. | en_US |
dc.description | Cataloged from PDF version of thesis. | en_US |
dc.description | Includes bibliographical references (pages 71-75). | en_US |
dc.description.abstract | Certificate Authorities (CAs) play a crucial role in HTTPS, the mechanism that secures all of the web's most important communication; if it has a log-in page, it must use HTTPS. However, recent history is littered with instances of CAs unabashedly undermining the trust model of the web in favor of economic gain, causing catastrophic harm to users in the process. The purpose of this thesis is to understand how well user, domain owner, and browser vendor controls function in order to evaluate methods of realigning CA incentives. Using a compendium of past incidents of CA failure as a series of natural experiments, along with a large dataset of all publicly available certificate collections, we find that it is possible to causally link a very slight increase in domain owners leaving a CA when a CA acts inappropriately. We further find that the technical architecture of the CA system leaves users without effective control over which CAs they trust, and that browsers face certain difficulty in distrusting larger CAs. The end result is a system where large CAs can unilaterally undermine the trust model of the web without clear repercussion. | en_US |
dc.description.statementofresponsibility | by Michael Alan Specter. | en_US |
dc.format.extent | 75 pages | en_US |
dc.language.iso | eng | en_US |
dc.publisher | Massachusetts Institute of Technology | en_US |
dc.rights | M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. | en_US |
dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
dc.subject | Institute for Data, Systems, and Society. | en_US |
dc.subject | Electrical Engineering and Computer Science. | en_US |
dc.subject | Engineering Systems Division. | en_US |
dc.subject | Technology and Policy Program. | en_US |
dc.title | The economics of cryptographic trust : understanding certificate authorities | en_US |
dc.type | Thesis | en_US |
dc.description.degree | S.M. in Technology and Policy | en_US |
dc.description.degree | S.M. | en_US |
dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
dc.contributor.department | Massachusetts Institute of Technology. Engineering Systems Division | |
dc.contributor.department | Massachusetts Institute of Technology. Institute for Data, Systems, and Society | |
dc.contributor.department | Technology and Policy Program | |
dc.identifier.oclc | 957287604 | en_US |