Skip to main content

SSL fix aims to mend huge cracks in Net's foundation of trust

posted onFebruary 27, 2012
by l33tdawg

Open-source software developer Kai Engert has proposed an overhaul to the Internet's SSL authentication system, aiming to minimize the damage that would result from the compromise of one of the authorities trusted by major browsers.

Under version 2 (PDF) of Engert's Mutually Endorsing CA Infrastructure proposal, people connecting to Google Mail, Twitter and other sites protected by SSL would draw on one of three randomly selected notaries to verify that the digital credential being presented is valid. By comparing the SSL certificate's contents to data contained in the voucher returned by the notary, the person's Web browser or e-mail program could quickly spot credentials that have been forged, even when they've been signed using the private key of a legitimate certificate authority. The notaries—or "voucher authorities" as they're called—would be made up of existing CAs.

"The introduction and requirement of vouchers has the benefit that controlling a single CA will no longer be sufficient," Engert, a software developer at Red Hat and a contributor to the Mozilla Project's security team, wrote in the proposal. "If the presence of a valid voucher were mandatory, at least two CAs would have to be involved to create a working rogue identity, one CA signing the certificate, another CA using its VA to produce a voucher."

Source

Tags

Security Networking SSL

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th