Thwarted by the CEO?
The CEO of every CA should be chained to their desks to manually verify everything until they can prove their systems' security. That'd encourage them to take security more seriously.
GlobalSign has suspended the publication of SSL certificates as a precaution in the wake of unverified claims by a hacker linked to attacks on Comodo and DigiNotar. The self-named Comodohacker used pastebin in March to claim responsibility for hacks against Comodo that allowed the publication of bogus SSL certificates. The …
"Every so often, the English shoot an admiral, to encourage the others."
Perhaps the browser makers, having just assassinated one CA, will encourage better behaviour from the others for a while. I wonder if we could bring this policy to other badly performing corporate sectors? Although maybe I'm being unfair, and GlobalSign would have been this good anyway.
However, it should be pointed out that governments round the world didn't bail out all the banks, but allowing a couple to go bust hasn't noticeably improved behaviour or attitudes in the rest.
But sometimes, a healthy fear of consequences can work wonders.
Chain of trust is ... I trust browser .. browser trusts CA ... CA trusts anybody they like
Don't blame the CA ... blame the browser for gaily trusting a clearly untrustworthy CA
Blame yourself for trusting untrustworthy browsers ... although you have little chance except with ff plugins to find a trustworthy browser.