Fraudulent *.google.com certificate issued
Posted Sep 1, 2011 20:57 UTC (Thu) by sgros (guest, #36440)
In reply to: Fraudulent *.google.com certificate issued by butlerm
Parent article: Fraudulent *.google.com certificate issued
Maybe the real solution is somewhere in the middle? There is a golden rule in security that nothing is secure. In essence, any cracker with enough resources (think some government) can attack any CA and issue fraudulent certificates. And nothing can be done against it.
But it can be made harder. What do you think about using multiple CAs? In other words, the browser/user requires that the server's certificate be signed by two (or even more) CAs in order to be accepted as valid?
I wrote a bit about that in a short blog post. I apologize for the shameless self-promotion, but I wanted it to be in one more public place than this comment section. Also, I thought that I had already written a comment but cannot find it.