A non-profit organisation has brought together a team of experts to tackle SSL governance and implementation issues and promote best practice. The Trustworthy Internet Movement (TIM) is convening a task force that includes Taher Elgamal, one of the creators of the SSL protocol; Moxie Marlinspike, creator of Convergence; Ivan …
"It has set itself the tough task of fixing both the SSL and Certificate Authority (CA) ecosystems."
It certainly does - I thought it was blindingly clear to everyone by now that the "CA ecosystem" simply does not work. The fundamental basis of it is too easy to get wrong and/or break.
don't entirely agree
CA's are vulnerable like any other entity. What we need are stronger punishments for CA's that flout the rules deliberately and the removal of any SSL scheme that doesn't involve real identity verification. There is really no reason why all SSL certs for websites are not required to go through the EV process before issuing.
- Analysis BlackBerry Messenger unleashed: Look out Twitter and Facebook
- Comment Mobile tech destroys the case for the HS2 £multi-beellion train set
- Nine-year-old Opportunity Mars rover sets NASA distance record
- IT bloke publishes comprehensive maps of CALL CENTRE menu HELL
- Things that cost the same as coffee with Tim Cook - and are WAY more fun