Trust but verify: when CAs fall short

We’ve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem. First, only the very same CA that issued a certificate can later revoke it. Second, although web browsers implement several techniques to check the certificate’s revocation status, errors in the procedure are rarely considered hard failures.

Story added 19. February 2013, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

Counter Antivirus Service AVCheck Shut Down by Law Enforcement
Using real names online ‘leads to discrimination and harrassment’
Booby-Trapped Messaging Apps Used for Spying: Researchers
DC Health Link Data Breach Blamed on Human Error
Privilege Management: Is removing the rights just plain wrong?
Scams Are a Sport This Summer
Yahoo Faces SEC Probe into Breach Disclosures
IBM Releases Open Source AI Security Tool
D-Link patches “Joel’s Backdoor” security hole in its SoHo routers
Justin Beiber’s Twitter account with 19 million followers gets hacked

Trust but verify: when CAs fall short

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts