Security problems with CAs

Posted Dec 26, 2008 13:21 UTC (Fri) by vonbrand (subscriber, #4458)
In reply to: please move this stuff into DNS by TRS-80
Parent article: SSL man-in-the-middle attacks

Sad fact is that really checking is expensive, and CAs aren't in the business of "wasting" money to then turn a paying customer away... plus certificates are the same whether they are meant to protect (probably not very interesting) email from prying eyes, commercial transactions in the range of a few tens of dollars, or multi-million dollar movements. The association of the "personal" certificate with all sorts of identifying data makes the planned use of those a privacy nightmare. The whole concept is deeply flawed. For an in-depth discussion of the current issues, look at Peter Gutmann's PKI tutorial (a large PDF presentation).