Who Do You Trust with SSL?
Aug 07, 2011, 06:00 (1 Talkback[s])
"The SSL system helps to protect secure communications across
the Internet. It's also a technology that relies on trust;
specifically, the trust of the SSL Certificate Authority (CA),
which may not always be trustworthy, according to security
researcher Moxie Marlinspike.
Speaking at the Black Hat security conference, Marlinspike
detailed issues with the current CA system and proposed a new
system to replace it.
The need to replace the CA system according to Marlinspike was
highlighted by the recent attack on CA provider Comodo in March.
Marlinspike noted that Comodo is the second largest CA in the world
and the attack was able to do a lot of damage. Comodo officially
blamed Iran for the attack.