Security mandates aim to shore up shattered SSL system

Posted on Friday, January 13, 2012 @ 15:27:09 PST in Security
by Raven

Southern writes:  
Too little, too late

A consortium of companies has published a set of security practices they want all web authentication authorities to follow for their secure sockets layer certificates to be trusted by browsers and other software.

The baseline requirements (PDF), published this week by the Certification Authority/Browser Forum, are designed to prevent security breaches that compromise the tangled web of trust that forms the underpinning of the SSL certificate system. Its release follows years of mismanagement by individual certificate authorities permitted to issue credentials that are trusted by web browsers. Most notable is this year's breach of DigiNotar, which led to the issuance of a fraudulent certificate used to snoop on 300,000 Gmail users in Iran.

The four dozen or so members of the CAB Forum still have a way to go, since their requirements are meaningless unless they are mandated by the software makers who place their trust in the authorities.

more: Packet Storm Security
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 338,989,117
  • Today: 17,079
Server InfoServer Info
  • Oct 19, 2017
  • 05:36 am PDT
 
 

Daily Inspiration