Currently browsing tag: ca

X.509 certs are less secure than you might think

This post is prompted by T.Rob's recent post "We’re gonna need a bigger crowd" where, among other things, he talks about X.509 certificate security. I agree with the core point of his post – crowd-sourcing is ineffective for highly specialized subjects – but this X.509 subject keeps coming up. It is one of the rare…

It’s Time To Abolish SSL Certificate Authorities

Yet another case this week where unsuspecting users were compromised because a certificate authority that they had never heard of screwed up. In case you hadn't heard, they issued a certificate for google.com (Google!) to somebody other than Google, and apparently that certificate was in fact used to compromise users in Iran. This is not…