Hackers of India

Trust Resiliency - A Lesson Learned from Russia Ukraine War

By  Ajit Hatti  on 07 Aug 2023 @ C0c0n


Presentation Material

AI Generated Summarymay contain errors

The speaker discusses the issue of India’s reliance on foreign Certificate Authorities (CAs) and the potential risks it poses to national security. The main concern is that if a NATO country decides to revoke certificates issued by Indian CAs, and other countries follow suit, in accordance with the military alliance, , then it would cause significant disruptions to online services in India.

The speaker presents three options to address this issue:

  1. National level: Establish an independent Indian Certificate Authority (ICA) that is managed predominantly by industry and community, free from government control.
  2. Technical level: a. Dual signing certificates: Require two CAs to sign a certificate, ensuring that both must agree to revoke it simultaneously. b. Cross-signing of certificates: Allow foreign companies operating in India to use Indian-issued certificates, with reciprocal actions if another country revokes an Indian entity’s certificates.
  3. Community-based options: a. Create a global CA Without Borders, free from political associations or control. b. Develop and maintain an indigenous Indian browser, ensuring trust is managed locally.

The speaker emphasizes the need for India to have its own trusted CA, managed by industry and community, to mitigate the risks of relying on foreign CAs. They also highlight the importance of technical solutions, such as dual signing certificates and cross-signing, to ensure the security and integrity of online services in India.