Skip to main content

The Osmio Charter

Decades ago, some brilliant mathematicians invented a kind of digital construction material that could solve all of our major problems with the use of the Internet. Done right, PKI can eliminate online fraud, phishing attacks, malware, identity theft, and on and on.

One of the things PKI calls for is a “certification authority.” Just like a public agency that signs things like birth certificates, passports and drivers’ licenses, the job of a CA is to provide legitimate authority to back up a claim. When you see “https://” in a Web address, a certification authority has signed a digital certificate attesting that the domain really belongs to the bank or other company whose name is on the site.

Or that’s the way it’s supposed to work – but PKI wasn’t done right. For one thing, many of those who deployed PKI ignored the meaning of the word “authority” in “certification authority.” Matt Blaze, one of the original PKI folks famously pointed out, “A commercial certification authority protects you from anyone whose money they refuse to take.”

Even if a commercial enterprise exhibits extraordinary integrity, it can be sold to someone who lacks such integrity. (Indeed, who is more likely to buy a business with an integrity asset than one that lacks an integrity asset?)

As a result of this casual treatment of the word “authority,” the certification industry has become a mess. Certification authorities have indeed been bought and sold. We have “resellers” who will issue you a certificate attesting that you own the domain of any large company. Trust has been eroded everywhere.

Like the city where you live, the City of Osmio cannot be bought and sold, because, like the city where you live, it’s owned by its residents. When you go to city hall, you know you’re dealing with duly constituted public authority.

And unlike a commercial enterprise that’s governed in secret by a closed board of directors, the City of Osmio, like most cities, is governed by its residents. You are welcome, and encouraged, to participate in the governance of the City of Osmio and its certification authorities.

Osmio’s practices are built on a set of principles called the Quiet Enjoyment Infrastructure. In QEI, integrity comes from the accountability of individual people. Certificates attest to the identity of people, not objects such as websites or servers or companies. Your building’s occupancy permit is signed by people – by licensed professionals including an architect, contractor, and building inspector.

Osmio does provide for traditional applications of digital certificates such as websites, software code, etc. But with Osmio, sites are signed by signing officers: professionally licensed individuals who assume personal and professional responsibility for the legitimacy of the use of a web domain.

Welcome to the Municipal Charter of the City of Osmio. Take a moment to read it and see how Osmio applies the proven principle of individual accountability to the digital world.