Saturday, 14 August 2010

NYTimes on SSL Certificate Issues

The NYT has an article[1] in the Technology section about SSL Certificates and how the profusion of Certificate Authorities (CAs) is a security issue that needs to be addressed. The key issue is that due to the chains of trust (as accepted by browsers like IE and Firefox due to the root certificates that they ship with) entire countries could act as "countries-in-the-middle" and harvest (for lack of a better term) information that the browsers are completely unaware of. The UAE seems to be a case in point (especially with the recent RIM security issues featuring in security headlines across the glove). The article seems to be a continuation on the recent research by the EFF[2] as posted here[3] and here[4].

URL[1]: http://www.nytimes.com/2010/08/14/technology/14encrypt.html
URL[2]: https://www.eff.org/
URL[3]: https://www.eff.org/observatory
URL[4]: https://www.opengear.net/blog/2010/08/08#EFFSSLObservatory-20100808

[/technology] permanent link