Laurie: Improving SSL certificate security

Posted Apr 6, 2011 9:26 UTC (Wed) by jamesh (guest, #1159)
In reply to: Laurie: Improving SSL certificate security by geuder
Parent article: Laurie: Improving SSL certificate security

It shouldn't have been possible to for the attacker to create Domain Validated certificates, but they managed to due to policy problems (possibly due to them outsourcing the validation to a reseller?).

For EV certificates, we're being told that they are more secure because the CAs would never take similar shortcuts when validating these new certificates.

The existing track record of CAs doesn't inspire confidence that we'll never see a bogus EV certificate.

Laurie: Improving SSL certificate security

Posted Apr 6, 2011 15:41 UTC (Wed) by martinfick (subscriber, #4455) [Link]

No, really, I mean it, you can trust this certificate (it is an EV). Well, what about that other one you issued that isn't an EV? Oh, you can trust that one too, we issued it. So, then why would I get an EV one? Because you can really trust an EV one. So I can't trust the non EV one? Well, no, of course, you can. ....[repeat]

Laurie: Improving SSL certificate security

Posted Apr 6, 2011 17:55 UTC (Wed) by dlang (guest, #313) [Link]

it doesn't really matter, when the EV certs get down to the level of normal certs, they will invent 'new, really secure, we really mean it this time' certs and jack up the price on them even more. and a few years later they will do it again.