So I think the real issue around SSL encryption techniques, certificate issuance and ked distribution mechanism is the validity of the certificate based on whos authorized to create and disseminate them not just the Certificate Authority (CA) role or function. SSL/HTTPS is pretty fundamental to most web-based transactions, thus not going away any time soon. Maybe certificate and key creation need to be done in whats the equivalent of a foundry protected by hardware roots of trust, attestation or something analogous to Permissive Action Link (PAL), i.e., the 2-man rule. Authentic certificates, and associated private keys need to be better protected as well thinking out loud here there are good examples of this emerging in the CSP space Thales comes to mind combined with Microsoft Rights Management server
Posted December 19, 2013 at 11:19 AM | Permalink | Reply
John Pescatore
The CA plays a pretty important role in making sure that a certificate is only issued to the appropriate/legitimate/valid person/organization ''" that's the registration function. Unfortunately, the SSL certificate industry has focused mostly on reducing the cost of registration vs. increasing the rigor ''" despite efforts like Extended Validation certs.
Posted December 17, 2013 at 4:50 PM | Permalink | Reply
Marc Kolenko
So I think the real issue around SSL encryption techniques, certificate issuance and ked distribution mechanism is the validity of the certificate based on whos authorized to create and disseminate them not just the Certificate Authority (CA) role or function. SSL/HTTPS is pretty fundamental to most web-based transactions, thus not going away any time soon. Maybe certificate and key creation need to be done in whats the equivalent of a foundry protected by hardware roots of trust, attestation or something analogous to Permissive Action Link (PAL), i.e., the 2-man rule. Authentic certificates, and associated private keys need to be better protected as well thinking out loud here there are good examples of this emerging in the CSP space Thales comes to mind combined with Microsoft Rights Management server
Posted December 19, 2013 at 11:19 AM | Permalink | Reply
John Pescatore
The CA plays a pretty important role in making sure that a certificate is only issued to the appropriate/legitimate/valid person/organization ''" that's the registration function. Unfortunately, the SSL certificate industry has focused mostly on reducing the cost of registration vs. increasing the rigor ''" despite efforts like Extended Validation certs.