Assertion-Carrying Certificates

Waqar Aqeel, Zachary Hanif, James Larisch, Olamide Omolola, Taejoong Chung, Dave Levin, Bruce Maggs, Alan Mislove, Bryan Parno, Christo Wilson

Research output: Contribution to conferencePaper


Today’s TLS certificates are notoriously difficult to
augment with new features or even new options under the existing
set of features. As a result, the public key infrastructure is unable
to quickly evolve to meet new threats, new deployment consid-
erations, and new capabilities. We observe that, fundamentally,
certificates are a series of logical constraints, limiting what a
given principal is able to do. We sketch the design of assertion-
carrying certificates: certificates that can carry a small amount of
code that can dynamically add to these constraints. We present
what we believe to be the ideal goals of such a language, and
how our initial design in Prolog addresses them. We believe that
this modest change to certificates could empower a far more
evolvable certificate ecosystem.
Original languageEnglish
Publication statusUnpublished - 2 Jun 2020
EventWorkshop on Foundations of Computer Security 2020 - virtuell, United States
Duration: 22 Jun 2020 → …


ConferenceWorkshop on Foundations of Computer Security 2020
Abbreviated titleFCS 2020
Country/TerritoryUnited States
Period22/06/20 → …


Dive into the research topics of 'Assertion-Carrying Certificates'. Together they form a unique fingerprint.

Cite this