Certificates and "authorities"
Posted Sep 8, 2011 13:58 UTC (Thu) by Nelson
Parent article: Certificates and "authorities"
Why is it forlorn to hope CAs will keep their systems secured? With this current business model, security is what they charge for. Not just that, you pay premiums for increased security (if you want a color bar or different authentication strengths, they ask for more money!). The missing piece is the feedback loop: Comodo is big and widely used, so when they screw up, nothing happens. DigiNotar isn't, so when they screw up they get the internet death penalty. Moreover, the cost of the death penalty doesn't simply hurt DigiNotar; it hurts their customers.
This business model doesn't work. That's the problem. The protocols work, I even think the browser warnings work. Maybe the solution is to have a third party that assembles CAs, distributes them, runs OCSP services and the end users can pay a fee like with anti-virus or something.