Home / News

Proposal on How SSL Certificate Industry Should Be Replaced Gains Some Momentum

  • Oct 12, 2011 10:34 AM PDT
  • Comments: 2
  • Views: 2,468
Print Comment
Network World

SSL replacement proposal made by security expert Moxie Marlinspike, last August at the Black Hat Conference (called 'Convergence'), is gaining some momentum, particularly after the recent hacker attacks on DigiNotar, GlobalSign, Comodo and other SSL certificate authorities that have resulted in fake certificates coming into use on the web, including a fake Google certificate, since revoked. Marlinspike thinks this whole system — which props up the multi-million-dollar certificate authority business today — should be dumped in favor of the idea of the user more directly controlling how the browser trusts certificates based on so-called Convergence "notaries" proving online feedback about what to trust.

Read full story: Network World

Related topics: Cyberattack, Cybercrime, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:
Print Comment

Comments

Two things David A. Ulevitch  –  Oct 12, 2011 11:48 AM PDT

This has been in the works for a LONG time, and discussed for a while.  SSL has always been a sham.  Momentum had been quietly building for a while, and it just took a few CAs to bring it into the mainstream light.  The idea of embedding SSL fingerprints in DNS has been discussed for years, for instance.

So my two thoughts:
1) This is definitely going to happen.  Chrome will be pushing it the Google way, and Moxie (and many others) will push it the other ways.  Both will probably gain traction.
2) This makes Verisign look very smart for selling off the SSL business to Symantec.  And makes Symantec look like the goofballs they usually are.  Their absolute lack of real security vision is second to none.

# 1 Reply  |  Link  |  Report Problems
IETF DANE Paul Vixie  –  Oct 13, 2011 7:10 AM PDT

The certificate authority system used by the web's e-commerce system is indeed weak.  What's less certain is that it ought to be replaced by multiple approaches, one from Moxie, one from Google, and so on.

The Internet Engineering Task Force (IETF) has a DNS-based Authentication of Named Entities (DANE) working group and is a dozen revisions into a DNSSEC profile for authenticating the certificates needed for e-commerce.

This protocol will work, it will be as secure as DNSSEC itself, and it will scale.  I urge the technical and business communities to get behind a single global standard to replace the X.509 certificate authority system.

# 2 Reply  |  Link  |  Report Problems

To post comments, please login or create an account.

Related Blogs

The Antivirus Uncertainty Principle

  • May 24, 2012
  • Comments: 0

Rethinking Protection Technologies: A Change Has Occurred

  • May 16, 2012
  • Comments: 0

Cel-e-brate v6, Come On!

  • May 15, 2012
  • Comments: 0

Hosters: Is Your Platform Being Used to Launch DDoS Attacks?

  • May 15, 2012
  • Comments: 0

Communications and the London Olympics

  • May 13, 2012
  • Comments: 0
View More

Related News

Google Notifying Half a Million Users Affected By DNSChanger

  • May 23, 2012
  • Comments: 0

Eugene Kaspersky: World Needs International Agreements On Cyber-Weapons

  • May 23, 2012
  • Comments: 1

DNSChanger Disruption Inevitable, ISPs Urged to Bolster User Support

  • May 17, 2012
  • Comments: 0

Gas Pipeline Firms Under Targeted Phishing Attacks

  • May 08, 2012
  • Comments: 0

Iran Investigating Suspected Cyberattack on Its Main Oil Export Terminal

  • Apr 23, 2012
  • Comments: 0
View More

Topics

Access ProvidersLaw
BroadbandMalware
CensorshipMobile
Cloud ComputingMultilinguism
CyberattackNet Neutrality
CybercrimeP2P
CybersquattingPolicy & Regulation
Data CenterPrivacy
DNSRegional Registries
DNS SecurityRegistry Services
Domain NamesSecurity
EmailSpam
EnumTelecom
ICANNTop-Level Domains
Internet GovernanceVoIP
Internet ProtocolWeb
IP AddressingWhite Space
IPTVWhois
IPv6Wireless
View More

Industry Updates – Sponsored Posts

Nominum Launches 1st Comprehensive Mobile Security Solution That Protects Both Network and End User

Frontline and Nominum Deliver Integrated DNS-Based Platform to Enhance Enterprise Security

Nominum Launches Comprehensive Suite of DNS-Based Security Solutions for Russian Service Providers

Nominum Sets New Record for Network Speed and Efficiency

Implementing a Cyber-Security Code of Conduct: Real-Life Lessons From Australia (Webinar)

DDoS Attacks: Top 10 Trends and Truths (Video)

DDoS Attacks: Top Trends and Truths (Webinar)

Internet Grows to More Than 225 Million Domain Names in the Fourth Quarter of 2011

Neustar UltraDNS Basic Launches Add-On Services for Website Monitoring and DNS Server Failover

Neustar And Arbor Networks Cloud Signaling Coalition to Stop Evolving DDoS Threat to Data Centers

Nominum Launches World's First Purpose-Built Suite of DNSā€Based Solutions for Mobile Operators

MarkMonitor Fraud Intelligence Report, Q4 2011

MarkMonitor to Exhibit at Internet Tech Policy Exhibition and Reception to be Held on Capitol Hill

Verisign to Award New Infrastructure Research Grants

Nixu SNS 2.5 Series Gives Fresh Views on DNS

Neustar Names Joe Pasqua to Head Neustar Labs

Q3 2011 Fraud Intelligence Report

The Spookiest DDoS Attacks in History

Protecting Your Business from DDoS Attacks: Advice from Neustar

A Different Kettle of Phish

View More

Hot Topics

dotMobi

Mobile

Sponsored by
dotMobi
Neustar UltraDNS

DNS

Sponsored by
Neustar UltraDNS
Afilias

DNS Security

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Nominum

IPv6

Sponsored by
Nominum
View More