Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can We Fix SSL Certification?

Posted by Unknown on Tuesday August 16, 2011 @07:03AM from the security-through-insecurity dept.

Em Adespoton writes "At DEFCON this year, Moxie Marlinspike gave an excellent presentation showing how broken the current SSL certification model is and proposing a replacement. Naked Security adds to the issue, asking: does it even matter if you can trust your certificate notaries?"

2 of 249 comments (clear)

Min score:

Reason:

Sort:

Distribute Certificates via DNS (using DNSSEC)? by SmilingBoy · 2011-08-16 07:18 · Score: 4, Insightful

Wouldn't it be possible to verify the certificates via the DNS? Once that is secured with DNSSEC, this should be a very good solution. Or am I missing something?
1. Re:Distribute Certificates via DNS (using DNSSEC)? by vlm · 2011-08-16 07:24 · Score: 4, Insightful
  
  Wouldn't it be possible to verify the certificates via the DNS? Once that is secured with DNSSEC, this should be a very good solution. Or am I missing something?
  That DNSSEC is even worse of a single point of failure than SSL. Same type/class of problem, just worse.
  If you thought the SSL providers were shady, you'll think them heroic princes of justice once you start dealing with DNS registrars.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger