The case of the fraudulent SSL certificates

Posted Mar 24, 2011 10:13 UTC (Thu) by job (guest, #670)
Parent article: The case of the fraudulent SSL certificates

Certificate revocation has been broken from the beginning. Not only do you need to worry about careless CAs, but stealing certs is way too easy given the security state of web applications. Other important parts of SSL are also broken, such as the ability to delegate and trust a particular cert only on your subdomains.

I wish we could just use DNSSEC for this, but things move very slowly. While I understand the concern that DNS is not identity, I strongly believe that is not the common use case. I am much more often concerned that the certificate I am presented with is legitimate for "lwn.net", than that it belongs to "Eklektix Inc."

Copyright © 2018, Eklektix, Inc.