Marlinspike asks browser vendors to back SSL-validator

Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials. The Convergence open-source project is designed to address at least some of the main shortcomings that underpin trust …

COMMENTS

This topic is closed for new posts.
  1. Ian McNee
    Go

    Very Timely

    The situation is worse than CAs with conflicts of interest and hacked CAs: if a CA sets out to do bad stuff it can pretty much go ahead and do it. By the time the act is discovered and certificates revoked millions or billions may have been stolen or people locked up, tortured or dead (think bad govt. controlled CA).

    Trustwave has just been caught with its pants down on this (http://www.h-online.com/security/news/item/Trustwave-issued-a-man-in-the-middle-certificate-1429982.html) but naturally they are claiming that they only did it with good in mind and nothing could possibly have gone wrong, but they say(!) they won't do it again anyway.

    Yup, I'm reassured too!

    1. Anonymous Coward

      any idea what product it was used in?

      It had never occurred to me to get a certificate issued for *. I've generated internal certificates for *.internal.network and they work fine.

      I wonder how much they charged for it and if they had to issue a refund.

  2. ARS_Register_uk
    FAIL

    Let me get this straight...

    Let me get this straight Moxie, you are proposing we implement 3rd party validation for our 3rd party validation? There must be a better way!

  3. Anonymous Coward

    Any certificate validation is completely buggered by my company's use of bloody Websense, which performs a man in the middle attack on HTTPS traffic, although apparently not banking sites, we are reassured.

  4. Anonymous Coward

    Multiple signatories

    An alternative solution: https://grepular.com/Solving_the_SSL_CA_Debacle_Using_Multi-Signed_Certs

  5. Reg T.
    Big Brother

    We at the NSA

    love this proposal and are willing to provide at least 50 Notaries forthwith. The Notary function will merge nicely with our Faux CA business.


Biting the hand that feeds IT © 1998–2019