I've been posting recently about the DigiNotar issue, which, as many security pros say, proves that the Certificate Authority trust model is broken. I'm not sure I agree with that entirely.
The whole point of the ecosystem is that you have your Web site and your Web site visitor, and both of them trust the Certificate Authority to vouch that the certificate presented really belongs to that site. Sure, that trust is only as good as the CA's reputation and practices, and in the case of DigiNotar (and Comodo before it, and now GlobalSign) that trust has been badly shaken. Does this mean that the entire third-party CA system is broken? Hardly.
Having done extensive business with Thawte, Entrust, and VeriSign/Symantec, I'd have to say that there's still a solid place in the Internet world for this model. One thought, though, is that CAs need to be held to a higher standard, much as the root DNS server operators are.
What do you think? Agree? Disagree?
I do have one recommendation. As you've no doubt read, Microsoft and Mozilla have updated their browsers to remove the trust those products ship with in the DigiNotar root certificate. These updates are obviously crucial. However, if you operate a Web gateway or proxy server that inspects SSL traffic, you might also want to explicitly add the CRLs for these suspect CAs to its revocation checking. Here are the CRLs for GlobalSign, DigiNotar, and Comodo:
http://crl.globalsign.net/Root.crl
http://service.diginotar.nl/crl/root/latestCRL.crl
http://crl.comodo.net/UTN-USERFirst-Hardware.crl
By forcing your Web gateway or proxy server to honor these recently updated CRLs, you can be sure that any fraudulent certificate the CA has actually revoked will be rejected before it reaches your users. Two caveats: a CRL can only list serial numbers the CA knows it issued, and DigiNotar could not say with confidence which certificates the intruder had obtained, so the CRL complements removing the root rather than replacing it; and the gateway should refresh each CRL before its nextUpdate time and fail closed if it cannot fetch a fresh copy. Definitely a smart step to take.
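To make the gateway check concrete, here is an added example (not code from the original post, and not any vendor's implementation) that walks an X.509 CRL's DER structure, pulls out the revoked serial numbers and the nextUpdate time, and returns the block/allow decision a gateway would make for a given certificate serial. It uses only the Python standard library. The CRL it checks is constructed in-line with a dummy signature and an invented issuer name ("Example CA"); it is not one of the real CRLs linked above, and the code does not verify the CRL signature, which a real gateway must do against the issuing CA's public key before trusting the list.

```python
"""Added example, not code from the original post: check a certificate serial
against an X.509 CRL the way a gateway would, standard library only.  The CRL
used here is CONSTRUCTED in-line with a dummy signature; it is not one of the
real CRLs linked above, and this code does not verify the CRL signature, which
a real gateway must do against the issuing CA's public key."""
import datetime as dt

# ASN.1 DER tags used in a CRL (RFC 5280, section 5)
SEQ, SET, INT, BITSTR, NULL, OID, UTF8, UTCTIME, GENTIME = (
    0x30, 0x31, 0x02, 0x03, 0x05, 0x06, 0x0C, 0x17, 0x18)

def _der_len(n):
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    """Encode one tag-length-value element."""
    return bytes([tag]) + _der_len(len(content)) + content

def der_int(n):
    """INTEGER; the two's-complement width keeps a leading 0x00 when bit 7 is set."""
    return tlv(INT, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def read_tlv(buf, off=0):
    """Decode the element at off; return (tag, content, offset_after)."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        length, off = first, off + 2
    else:
        n = first & 0x7F
        length, off = int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n
    return tag, buf[off:off + length], off + length

def iter_tlv(buf):
    """Yield (tag, content) for each element inside a constructed value."""
    off = 0
    while off < len(buf):
        tag, content, off = read_tlv(buf, off)
        yield tag, content

def parse_utctime(s):
    """UTCTime 'YYMMDDHHMMSSZ'; RFC 5280 maps YY >= 50 to 19YY, else to 20YY."""
    yy = int(s[:2])
    return dt.datetime(1900 + yy if yy >= 50 else 2000 + yy, int(s[2:4]), int(s[4:6]),
                       int(s[6:8]), int(s[8:10]), int(s[10:12]), tzinfo=dt.timezone.utc)

def build_sample_crl(revoked):
    """Constructed test CRL from {serial: revocationDate}; signature is a dummy."""
    sha256_rsa = tlv(SEQ, tlv(OID, bytes.fromhex("2a864886f70d01010b")) + tlv(NULL, b""))
    issuer = tlv(SEQ, tlv(SET, tlv(SEQ, tlv(OID, bytes.fromhex("550403"))   # CN=Example CA
                                       + tlv(UTF8, b"Example CA"))))       # (hypothetical name)
    entries = b"".join(tlv(SEQ, der_int(s) + tlv(UTCTIME, d.encode())) for s, d in revoked.items())
    tbs = tlv(SEQ, der_int(1) + sha256_rsa + issuer          # version v2, signature alg, issuer
              + tlv(UTCTIME, b"110901120000Z")               # thisUpdate
              + tlv(UTCTIME, b"111001120000Z")               # nextUpdate
              + tlv(SEQ, entries))                           # revokedCertificates
    return tlv(SEQ, tbs + sha256_rsa + tlv(BITSTR, b"\x00" * 33))  # dummy, unverified signature

def _tbs_fields(crl_der):
    """TBSCertList fields plus the index of the field after thisUpdate."""
    _, cert_list, _ = read_tlv(crl_der)
    _, tbs, _ = read_tlv(cert_list)
    fields = list(iter_tlv(tbs))
    i = 1 if fields[0][0] == INT else 0     # optional version
    return fields, i + 3                    # skip signature, issuer, thisUpdate

def crl_next_update(crl_der):
    """nextUpdate as an aware datetime, or None if absent (GeneralizedTime not handled)."""
    fields, i = _tbs_fields(crl_der)
    if i < len(fields) and fields[i][0] == UTCTIME:
        return parse_utctime(fields[i][1].decode("ascii"))
    return None

def revoked_serials(crl_der):
    """Map revoked serial -> revocationDate string."""
    fields, i = _tbs_fields(crl_der)
    if i < len(fields) and fields[i][0] in (UTCTIME, GENTIME):
        i += 1                              # optional nextUpdate
    out = {}
    if i < len(fields) and fields[i][0] == SEQ:   # crlExtensions would be tag 0xA0, not SEQ
        for _, entry in iter_tlv(fields[i][1]):
            _, serial, off = read_tlv(entry)
            _, when, _ = read_tlv(entry, off)
            out[int.from_bytes(serial, "big", signed=True)] = when.decode("ascii")
    return out

def should_block(cert_serial, crl_der, now):
    """Gateway decision; failing closed on a stale CRL is a deliberate choice here."""
    nxt = crl_next_update(crl_der)
    if nxt is not None and now > nxt:
        return True, "CRL past nextUpdate; refresh before trusting it"
    if cert_serial in revoked_serials(crl_der):
        return True, "serial listed in CRL"
    return False, "serial not in CRL"

# Constructed sample: two invented serials revoked by the hypothetical "Example CA".
SAMPLE_CRL = build_sample_crl({0x0B1F: "110830100000Z", 0x1D2C3B4A5E: "110901090000Z"})
```

Usage: `should_block(0x0B1F, SAMPLE_CRL, parse_utctime("110905000000Z"))` returns a block decision because that serial is listed, `should_block(0x0B20, ...)` with the same clock allows, and any serial checked after the CRL's nextUpdate (for example with `parse_utctime("111201000000Z")`) is blocked until a fresh CRL is fetched. That last branch is the fail-closed behaviour a gateway wants: an expired CRL says nothing about certificates revoked since it was published. To run this against one of the real CRLs above you would fetch the DER file, verify its signature with the CA's certificate, and pass the bytes to `revoked_serials`; the walker handles both short- and long-form DER lengths but deliberately ignores CRL extensions.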