Fraudulent *.google.com certificate issued
Posted Sep 1, 2011 20:57 UTC (Thu) by sgros
In reply to: Fraudulent *.google.com certificate issued
Parent article: Fraudulent *.google.com certificate issued
Maybe the real solution is somewhere in the middle? There is a golden rule in security that nothing is secure. In essence, any cracker with enough resources (think some government) can attack any CA and issue fraudulent certificates. And nothing can be done against it.
But it can be made harder. What do you think about using multiple CAs? In other words, the browser/user requires that the server's certificate be signed by two (or even more) CAs in order to be accepted as valid?
I wrote a bit about that in a short blog post. I apologize for the shameless self-promotion, but I wanted it to be in one more public place than this comment section. Also, I thought that I had already written a comment but cannot find it.
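The multi-CA policy proposed in the comment above, as an added example that is not part of the original comment or the commenter's blog post. It uses only Go's standard library: three CAs are constructed in-process (the names "Honest CA 1", "Honest CA 2" and "Compromised CA 3" are made up for the example), the server obtains a certificate for the same public key from two honest CAs, and an attacker who controls only CA 3 obtains a certificate for a key of their own. The verifier, verifyMultiCA, is an assumed policy (a "quorum" of distinct trusted roots that must each have certified the same subject public key); the quorum size and the requirement that all presented certificates carry the same key are design choices of this example, not something the comment specifies.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newCA builds a self-signed CA certificate (constructed for this example).
func newCA(name string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// issueLeaf has a CA sign a server certificate for host and the given public key.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, pub *ecdsa.PublicKey, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert
}

// verifyMultiCA is the assumed policy: the server presents one or more
// certificates for host; all must carry the same subject public key, and at
// least quorum distinct trusted roots must have signed a valid chain for it.
// Returns the number of distinct roots that vouched for the key.
func verifyMultiCA(host string, leaves, roots []*x509.Certificate, quorum int) (int, error) {
	if len(leaves) == 0 {
		return 0, errors.New("no certificates presented")
	}
	// Rejecting mixed keys stops an attacker from pairing the honest
	// certificate with a fraudulent one that holds a key they control.
	refKey := leaves[0].RawSubjectPublicKeyInfo
	vouched := map[string]bool{} // keyed by root DER
	for _, leaf := range leaves {
		if !bytes.Equal(leaf.RawSubjectPublicKeyInfo, refKey) {
			return 0, errors.New("presented certificates carry different public keys")
		}
		for _, root := range roots {
			pool := x509.NewCertPool()
			pool.AddCert(root)
			if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool}); err == nil {
				vouched[string(root.Raw)] = true
			}
		}
	}
	if len(vouched) < quorum {
		return len(vouched), fmt.Errorf("only %d trusted CA(s) vouch for this key, need %d", len(vouched), quorum)
	}
	return len(vouched), nil
}

// Result collects the policy outcome for each constructed case.
type Result struct{ Honest, FraudSingleCA, FraudQuorum, Mixed error }

// Scenario runs the constructed cases: a DigiNotar-style attacker who controls
// one trusted CA, against today's single-signature rule and a quorum of two.
func Scenario() Result {
	host := "www.google.com"
	ca1, k1 := newCA("Honest CA 1", 1)
	ca2, k2 := newCA("Honest CA 2", 2)
	ca3, k3 := newCA("Compromised CA 3", 3)
	roots := []*x509.Certificate{ca1, ca2, ca3} // all three are in the browser's trust store
	serverKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	leaf1 := issueLeaf(ca1, k1, host, &serverKey.PublicKey, 10)
	leaf2 := issueLeaf(ca2, k2, host, &serverKey.PublicKey, 11)
	attackerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	fraud := issueLeaf(ca3, k3, host, &attackerKey.PublicKey, 12)
	var r Result
	_, r.Honest = verifyMultiCA(host, []*x509.Certificate{leaf1, leaf2}, roots, 2)
	_, r.FraudSingleCA = verifyMultiCA(host, []*x509.Certificate{fraud}, roots, 1) // current browser rule
	_, r.FraudQuorum = verifyMultiCA(host, []*x509.Certificate{fraud}, roots, 2)   // proposed rule
	_, r.Mixed = verifyMultiCA(host, []*x509.Certificate{leaf1, fraud}, roots, 2)
	return r
}

func main() {
	r := Scenario()
	fmt.Println("honest, quorum 2:      ", r.Honest)
	fmt.Println("fraud, quorum 1:       ", r.FraudSingleCA)
	fmt.Println("fraud, quorum 2:       ", r.FraudQuorum)
	fmt.Println("honest+fraud, quorum 2:", r.Mixed)
}
```

The single-CA case is the one the article describes: one compromised CA is enough for a browser that accepts any trusted signature. With a quorum of two, the attacker needs to compromise two independent CAs, and the same-key check means they cannot borrow the honest certificate to make up the difference. The cost the comment does not mention is that every site would have to buy and deploy two certificates, and the browser would need a way to carry both (for example, in the TLS certificate message).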