darren_moffat@blog$ cat /dev/mem | grep /dev/urandom


Wednesday July 13, 2005

Good article on the value of Trust Anchors

I came across this article by Dr. Colin Walter of Comodo today. It is a good read, and to me it is the single most important thing about using SSL to do business on the internet. You have to have a high level of assurance in your Trust anchors and trust that they are doing everything in their power to authenticate and verify the entities that they issue certificates to.

In the interests of full disclosure I will point out that my wife used to work for VeriSign/Thawte doing the very job that this article points out is so very important - i.e. going beyond simple domain possession and doing real authentication and verification. However, I was of that opinion even before my wife did that job, but it was very encouraging to learn from her how hard it actually is to get a cert for VeriSign or Thawte.

The sad thing is, though, that there is no realistic way even for security aware people to use the common web browsers in such a way that they can easily make value judgements about the site based on its cert. Why? Because all the default browser trust anchors are treated equally even though they aren't equal in the level of assurance they provide. What's more, some (e.g. VeriSign) even provide multiple levels of trust depending on how much the certificate cost, but the browser doesn't give the user that information (yes, you can find it, but doing so is way beyond the skills of even many computer experts; it requires a deep understanding of PKI and of the particular policies of the CAs).

( Jul 13 2005, 12:37:27 AM BST )


This is a personal weblog, I do not speak for my employer.