no-image

When Certificate Authority Business Models and Vendor Certificate Policies Clash

A very important “internet trust” discussion is underway that has been hidden behind closed doors for years and in part, still is. While the Comodo , Diginotar, and Verisign Certificate Authority breaches forced discussion and action into the open, this time, this “dissolution of trust” discussion trigger seems to have been volunteered by Trustwave’s policy clarification , and followup discussions on Mozilla’s bugzilla tracking and mozilla.dev.security.policy .

Read Full Article

no-image

Regaining Trust in the PKI

The SSL PKI has been in use and implemented for 15 years now to secure online communications. From its initial proprosals and immediate growth, the need for secured online communications has been met with challenges. The infrastructure and protocol itself is showing signs of wear, with multiple attacks and corrections to the scheme itself. And in its 15th year, an alternative to the Cerificate Authority infrastructure is finally being given some competition with the release and debate around Covergence, an open source alternative to the current system of Certificate Authorities. The graphic below provide a timeline of some of the major events in those past 15 years. Read Full Article