Welcome to WebmasterWorld Guest from 54.196.231.129

Forum Moderators: phranque

Message Too Old, No Replies

New Proposal To Strengthen Public Key Infrastructure, SSL Chain

     
5:03 pm on Nov 22, 2011 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22313
votes: 239


New Proposal To Strengthen Public Key Infrastructure, SSL Chain [computerworld.com]
The Electronic Frontier Foundation (EFF) is proposing an extension to the current SSL chain of trust that aims to improve the security of HTTPS and other secure communication protocols.

EFF's "Sovereign Keys" (SK) specification is designed to give domain owners control over the link between their domain names and their certificates after recent Certificate Authority (CA) compromises raised serious questions about the security of the entire Internet Public Key Infrastructure (PKI).

7:37 am on Nov 23, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member

joined:Apr 14, 2010
posts:3169
votes: 0


More control for webmasters over their own web properties, I'm all for it. The fewer companies and 3rd party servers required the better.

These validated domain-certificate associations are kept on so-called timeline servers and are synchronized with mirrors that are queried by clients.


Ah well.
9:59 am on Nov 23, 2011 (gmt 0)

New User

joined:Oct 17, 2011
posts:21
votes: 0


In essence, the SK model reduces the number of attack points from hundreds of CAs to 30 or fewer servers where any compromise can be detected automatically. Suspicious entries and other indications of a security breach will cause a compromised server to be immediately ignored by mirrors and clients alike.


One good DoS attack and HTTPS breaks for everyone, everywhere!
6:41 pm on Nov 23, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2001
posts:1281
votes: 0


I think the recent Certificate Authority compromises were the tip of a newly emerging iceberg. Funny how the rhetoric goes '...it would take a hacker a zillion years to crack this' Then ...Hacked Do'h!