A non-profit organisation has brought together a team of experts to tackle SSL governance and implementation issues and promote best practice. The Trustworthy Internet Movement (TIM) is convening a task force that includes Taher Elgamal, one of the creators of the SSL protocol; Moxie Marlinspike, creator of Convergence; Ivan …
"It has set itself the tough task of fixing both the SSL and Certificate Authority (CA) ecosystems."
It certainly does - I thought it was blindingly clear to everyone by now that the "CA ecosystem" simply does not work. The fundamental basis of it is too easy to get wrong and/or break.
don't entirely agree
CA's are vulnerable like any other entity. What we need are stronger punishments for CA's that flout the rules deliberately and the removal of any SSL scheme that doesn't involve real identity verification. There is really no reason why all SSL certs for websites are not required to go through the EV process before issuing.
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...