SSL certificates today are to security as balsa wood is to strength.
Posted December 17, 2013 at 4:50 PM
So I think the real issue around SSL encryption techniques, certificate issuance and key distribution mechanism is the validity of the certificate based on who's authorized to create and disseminate them, not just the Certificate Authority (CA) role or function. SSL/HTTPS is pretty fundamental to most web-based transactions, thus not going away any time soon. Maybe certificate and key creation need to be done in what's the equivalent of a foundry protected by hardware roots of trust, attestation or something analogous to Permissive Action Link (PAL), i.e., the 2-man rule. Authentic certificates and associated private keys need to be better protected as well. Thinking out loud here: there are good examples of this emerging in the CSP space. Thales comes to mind, combined with Microsoft Rights Management server.
Posted December 19, 2013 at 11:19 AM
The CA plays a pretty important role in making sure that a certificate is only issued to the appropriate/legitimate/valid person/organization - that's the registration function. Unfortunately, the SSL certificate industry has focused mostly on reducing the cost of registration vs. increasing the rigor - despite efforts like Extended Validation certs.