KeyChest Blog

Can blockchain remove the need for an SSL certificate authority?

Jun 14, 2019 2:08:01 PM / by Dan

Let’s think about what blockchain does and what a certification authority (CA) does.

 

A blockchain is basically a chain of signatures. You create a digital signing key and sign data or a transaction with it. Each new signature covers two items:

  1. the data/transaction you want to sign - it could be a string with a “public key” and “name”; and
  2. the previous signature you created.

A CA verifies that a certain “name” belongs to YOU and that you own a “public key”, then binds the “name” and “public key” together with a digital signature. YOU can be a domain name, an email address, an organisation, a physical person with a postal address, and so on. The CA will use any of a number of methods to verify that the “name” is YOU. The signature at the end is the easy part.

So a blockchain can create a signature, but that is hardly enough to replace a CA. But let’s say we want to use a blockchain. The first questions would be: who verifies that the “name” is you, who is responsible for correctness, and how do you compare independent proofs if you expect more than one?

On a side note, good CAs will sign all their operational logs as a “blockchain”, i.e., linked together. :)
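
The chain of signatures described above, and the linked operational log from the side note, as an added example (not code from KeyChest or any CA) using Node.js's built-in Ed25519 signing. It shows that editing or dropping an entry breaks verification, while an entry carrying a name nobody verified still chains and verifies. The entry strings, the example.test names and the function names are constructed for illustration.

```javascript
// Added example: an Ed25519 signature chain, as described in the post.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Each signature covers (1) the entry's data and (2) the previous signature.
function signedBytes(data, prevSig) {
  const d = Buffer.from(data, 'utf8');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(d.length); // length prefix keeps the data/prevSig boundary unambiguous
  return Buffer.concat([len, d, prevSig]);
}

function appendEntry(chain, data, privateKey) {
  const prevSig = chain.length ? chain[chain.length - 1].sig : Buffer.alloc(0);
  const sig = sign(null, signedBytes(data, prevSig), privateKey);
  return [...chain, { data, sig }];
}

// Returns the index of the first entry that fails to verify, or -1 if all verify.
function firstBadEntry(chain, publicKey) {
  let prevSig = Buffer.alloc(0);
  for (let i = 0; i < chain.length; i++) {
    if (!verify(null, signedBytes(chain[i].data, prevSig), publicKey, chain[i].sig)) return i;
    prevSig = chain[i].sig;
  }
  return -1;
}

function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  // Constructed sample entries; example.test is a placeholder name.
  let chain = [];
  for (const data of ['name=example.test;key=K1', 'name=mail.example.test;key=K2',
                      'name=shop.example.test;key=K3']) {
    chain = appendEntry(chain, data, privateKey);
  }
  const edited = chain.map((e, i) => (i === 1 ? { ...e, data: 'name=mail.example.test;key=K9' } : e));
  const dropped = [chain[0], chain[2]];
  // The signer never proved control of this name, yet the entry chains and verifies.
  const unverifiedClaim = appendEntry(chain, 'name=other.example.test;key=K4', privateKey);
  return {
    intact: firstBadEntry(chain, publicKey),
    edited: firstBadEntry(edited, publicKey),
    dropped: firstBadEntry(dropped, publicKey),
    unverifiedClaim: firstBadEntry(unverifiedClaim, publicKey),
  };
}

console.log(demo());
```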
