Can We Fix SSL Certification?

← Back to Stories (view on slashdot.org)

Can We Fix SSL Certification?

Posted by Unknown on Tuesday August 16, 2011 @07:03AM from the security-through-insecurity dept.

Em Adespoton writes "At DEFCON this year, Moxie Marlinspike gave an excellent presentation showing how broken the current SSL certification model is and proposing a replacement. Naked Security adds to the issue, asking: does it even matter if you can trust your certificate notaries?"

3 of 249 comments (clear)

Min score:

Reason:

Sort:

Distribute Certificates via DNS (using DNSSEC)? by SmilingBoy · 2011-08-16 07:18 · Score: 4, Insightful

Wouldn't it be possible to verify the certificates via the DNS? Once that is secured with DNSSEC, this should be a very good solution. Or am I missing something?
1. Re:Distribute Certificates via DNS (using DNSSEC)? by vlm · 2011-08-16 07:24 · Score: 4, Insightful
  
  Wouldn't it be possible to verify the certificates via the DNS? Once that is secured with DNSSEC, this should be a very good solution. Or am I missing something?
  That DNSSEC is even worse of a single point of failure than SSL. Same type/class of problem, just worse.
  If you thought the SSL providers were shady, you'll think them heroic princes of justice once you start dealing with DNS registrars.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Re:No by amorsen · 2011-08-16 08:32 · Score: 3, Insightful

You can only trust what you can see with your own eyes; trust does not inherit, plain and simple. Any system that relies on inherited trust is broken before it starts.
Our whole society is reliant on inherited trust. Feel free to try to escape from it.

--
Finally! A year of moderation! Ready for 2019?