[cryptography] fyi: The weakest link in the chain: Vulnerabilities in the SSL certificate authority system and what should be done about them

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Nov 22 19:11:10 EST 2011


JeffH <Jeff.Hodges at KingsMountain.com> writes:

>Of possible interest:
>
>The weakest link in the chain: Vulnerabilities in the SSL certificate
>authority system and what should be done about them

It's not just NGOs that are seeing that browser PKI is "the weakest link in
the chain".  I was recently told of someone at a law workshop in which the
topic of browser PKI and DigiNotar came up.  In their words, "this was a
roomful of people who couldn't tell you what SSL did, but they'd heard of
DigiNotar".  That's a level, and type, of exposure that you really don't want
to get to.

Peter.


