Marlinspike asks browser vendors to back SSL-validator

Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials. The Convergence open-source project is designed to address at least some of the main shortcomings that underpin trust in …

COMMENTS

This topic is closed for new posts.
Very Timely

The situation is worse than CAs with conflicts of interest and hacked CAs: if a CA sets out to do bad stuff it can pretty much go ahead and do it. By the time the act is discovered and certificates revoked, millions or billions may have been stolen or people locked up, tortured or dead (think bad govt. controlled CA).

Trustwave has just been caught with its pants down on this (http://www.h-online.com/security/news/item/Trustwave-issued-a-man-in-the-middle-certificate-1429982.html) but naturally they are claiming that they only did it with good in mind and nothing could possibly have gone wrong, but they say(!) they won't do it again anyway.

Yup, I'm reassured too!

any idea what product it was used in?

It had never occurred to me to get a certificate issued for *. I've generated internal certificates for *.internal.network and they work fine.

I wonder how much they charged for it and if they had to issue a refund.

FAIL

Let me get this straight...

Let me get this straight Moxie, you are proposing we implement 3rd party validation for our 3rd party validation? There must be a better way!

Anonymous Coward

Any certificate validation is completely buggered by my company's use of bloody Websense, which performs a man-in-the-middle attack on HTTPS traffic, although apparently not banking sites, we are reassured.

Anonymous Coward

Multiple signatories

An alternative solution: https://grepular.com/Solving_the_SSL_CA_Debacle_Using_Multi-Signed_Certs

Big Brother

We at the NSA

love this proposal and are willing to provide at least 50 Notaries forthwith. The Notary function will merge nicely with our Faux CA business.
