Towards Sustainable Evolution for the TLS Public-Key Infrastructure

Motivated by the weaknesses of today's TLS public-key infrastructure (PKI), recent studies have proposed numerous enhancements to fortify the PKI ecosystem. Deploying one particular enhancement is no panacea, since each one solves only a subset of the problems. At the same time, the high deployment barrier makes the benefit-cost ratio tilt in the wrong direction, leading to disappointing adoption rates for most proposals. As a way to escape from this conundrum, we propose a framework that supports the deployment of multiple PKI enhancements, with the ability to accommodate new, yet unforeseen, enhancements in the future. To enable mass adoption, we enlist the cloud as a "centralized" location where multiple enhancements can be accessed with high availability. Our approach is compatible with existing protocols and networking practices, with the ambition that a few changes will enable sustainable evolution for PKI enhancements. We provide extensive evaluation to show that the approach is scalable, cost-effective, and does not degrade communication performance. As a use case, we implement and evaluate two PKI enhancements.