Multiply-signed certs

Posted Sep 11, 2011 0:42 UTC (Sun) by dskoll (subscriber, #1630)
Parent article: Certificates and "authorities"

One idea would be for Mozilla et al. to compile a list of "independent" CAs. That is, CAs that are independent businesses and not subsidiaries of one another. Then users could only trust certs that are signed by N > 1 independent CAs, where users could choose N based on their circumstances.

This would, alas, make life more expensive and more complicated for Web site owners, but it means that hackers would have to compromise N CAs instead of 1 CA to perform a MITM attack. And high-value targets like Google, PayPal, banks, eBay, etc. can surely afford certificates signed by 4 or 5 independent CAs.

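The N-of-independent-CAs policy proposed in the comment above, sketched as an added example that is not part of the original post. The CA names, ownership groups and function names are constructed, and each signature is assumed to have been cryptographically verified before the policy check runs.

```python
# Added illustration: CA names and ownership groups are constructed.
# CA_OWNER stands in for the curated list of "independent" CAs: each CA is
# mapped to the business that ultimately owns it, so a parent company and
# its subsidiaries collapse into one independence group.
CA_OWNER = {
    "Alpha Root CA": "alpha-corp",
    "Alpha Reseller CA": "alpha-corp",  # subsidiary of the same business
    "Beta Trust CA": "beta-inc",
    "Gamma Sign CA": "gamma-ltd",
}


def independent_owners(verified_signers, ca_owner=CA_OWNER):
    """Distinct owners behind a certificate's verified signatures.

    verified_signers: CAs whose signature over the certificate has already
    been verified (assumed done elsewhere). Signers that are not on the
    curated list are ignored rather than counted.
    """
    return {ca_owner[ca] for ca in verified_signers if ca in ca_owner}


def is_trusted(verified_signers, n, ca_owner=CA_OWNER):
    """Accept only if at least n independent businesses signed the cert."""
    if n < 2:
        raise ValueError("policy requires N > 1")
    return len(independent_owners(verified_signers, ca_owner)) >= n


def forgeable(compromised_owners, n, ca_owner=CA_OWNER):
    """Could an attacker controlling these businesses mint a trusted cert?

    The attacker can obtain signatures from every CA that belongs to a
    compromised owner, including all of its subsidiaries.
    """
    signers = [ca for ca, owner in ca_owner.items()
               if owner in compromised_owners]
    return is_trusted(signers, n, ca_owner)


if __name__ == "__main__":
    # Two signatures, one business: does not satisfy N = 2.
    print(is_trusted(["Alpha Root CA", "Alpha Reseller CA"], 2))
    # Two signatures from two independent businesses: satisfies N = 2.
    print(is_trusted(["Alpha Root CA", "Beta Trust CA"], 2))
    # Compromising a single business is not enough to forge at N = 2.
    print(forgeable({"alpha-corp"}, 2))
```

Counting owners rather than signatures is what makes a parent CA and its subsidiary worth one vote, which is the independence property the proposal depends on.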
