The vulnerability of current browser authentication was highlighted by the hacking of Comodo, an Internet security company that controls over 95K certificates. That scale makes it "too big to fail", i.e. it is impractical to rescind its authority to issue certificates.
For a detailed discussion of why browser revocation does not work, see the 3/22/11 Tor article.
A solution, DNS-based authentication of named entities, is currently under discussion.