Public certificate authorities in TLS are a security liability from both a censorship and MITM perspective. Conceptually, DNSSEC's idea of tying PKI to domain names should be a better replacement -- except that in the DNS, relying on the names means trusting the registrars, registries, and ICANN. But what if we had self-authenticating domain names? Could we build a PKI on top of those? Could such a PKI work with unmodified mainstream web browsers like Chromium, Firefox, and Tor Browser?

We've done exactly that. Namecoin (a blockchain naming system providing the .bit TLD) and Tor (an anonymity network providing the .onion TLD) provide the self-authenticating domain names. This talk covers how we made the PKI. Topics to be discussed include:

• Why public certificate authorities are dangerous.
• Prior work on using DNS as a PKI (and why it's less useful for us than you might think).
• How we creatively used API's to get mainstream TLS implementations to use Namecoin to validate TLS certificates.
• Why you might want to use TLS with Tor onion services (and why onion service encryption might not be as secure as you think).
• How we generalized Namecoin TLS to work with Tor onion services.
• How we made TLS implementations that don't support Ed25519 work anyway with Tor onion services (which rely on Ed25519).
• How we can use TLS with Namecoin without putting a TLSA record on the blockchain (for better scalability).
• How Namecoin's smart contract functionality (allowing multisig and timelocks to control updating a name) interacts with PKI use cases.
• How we generalized Namecoin and Tor PKI to work with non-TLS protocols.
• How revocations can be handled securely.
• How we ensured anonymity (including Tor stream isolation) despite TLS implementations not providing API's for this.