Tag: ca

  • X.509 certs are less secure than you might think

    This post is prompted by T.Rob’s recent post “We’re gonna need a bigger crowd” where, among other things, he talks about X.509 certificate security. I agree with the core point of his post – crowd-sourcing is ineffective for highly specialized subjects – but this X.509 subject keeps coming up. It is one of the rare…

  • It’s Time To Abolish SSL Certificate Authorities

    Yet another case this week where unsuspecting users were compromised because a certificate authority that they had never heard of screwed up. In case you hadn’t heard, they issued a certificate for google.com (Google!) to somebody other than Google, and apparently that certificate was in fact used to compromise users in Iran. This is not…