Implications of Security Enhancements and Interventions for Core Internet Infrastructure

Security enhancements to the Internet are often implemented as hierarchical and centralizing structures grafted onto what is fundamentally a decentralized design. Hierarchical structures, such as DNSSEC and RPKI, provide a convenient way to enforce consistency and prevent important categories of security violations. They also provide a locus of control for trusted authorities who have access to the higher levels of the hierarchy. These control points can be used to enforce many kinds of policy interventions, including local laws and censorship. This paper considers three security enhancements, DNSSEC, SSL PKI, and RPKI, which provide secure translation infrastructures through a hierarchical authentication system. It reviews the design of each system, describes the security vulnerabilities that they protect against and how attackers have responded, explains how centralized authorities have used them to exercise unilateral control, and discusses the tradeoffs and risks associated with these interventions. The paper then considers the policy implications of these interventions and proposes some guiding principles to mitigate negative consequences.