Slashdot Mirror


GlobalSign Suspends Issuance of SSL Certificates

Joining the ranks of accepted submitters, realxmp writes "The BBC is reporting that GlobalSign has stopped issuing certificates because of yet another suspected CA security breach. This was in response to a post on the ComodoHacker paste bin, claiming that this and several other CAs have also been compromised." No word yet on whether they were actually compromised.

1 of 111 comments

  1. Self Signed Certificates by roman_mir · Score: 4, Interesting

    Self Signed Certificates.

    This is what I have been talking about for years and years now. Years and years, and I am on the topic of browsers treating self signed certificates worse than viruses and there are still people disagreeing.

    Come on, browsers need to start treating self signed certificates like they are plain old HTTP, with an icon that can be used to view the fingerprint.

    That would be a GOOD START. Then start distributing lists of sites to fingerprints, maybe even public certificates, have time stamps and have the site operators cross check the fingerprints in those lists. Have an architecture to verify one list against another dynamically. Have verified lists that are hash signed, have hash keys for lists being distributed. I don't know, there could be all sorts of things done, but instead we are still relying on the centralized signing authority that didn't actually earn any trust. I don't trust any CA, why does anybody trust any CA?
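
Added example (not part of the original comment or of any browser's code): a sketch of the cross-checking idea above, comparing a presented certificate's fingerprint against several independently published, integrity-protected host-to-fingerprint lists. The list names, keys, hostnames and certificate bytes are constructed, and HMAC stands in for a real public-key signature over each list.

```python
import hashlib
import hmac
import json

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def sign_list(entries: dict, key: bytes) -> dict:
    """Publisher side: serialize the host -> fingerprint map and attach a keyed hash."""
    body = json.dumps(entries, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_list(signed: dict, key: bytes):
    """Return the entries if the keyed hash checks out, else None."""
    expected = hmac.new(key, signed["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["mac"]):
        return None
    return json.loads(signed["body"])

def cross_check(host, der_cert, signed_lists, keys, quorum=2):
    """Compare the presented certificate against every list that verifies.

    "match": at least `quorum` authentic lists agree and none disagree.
    "mismatch": some authentic list records a different fingerprint.
    "unknown": too few authentic lists know this host.
    """
    seen = fingerprint(der_cert)
    agree = 0
    for name, signed in signed_lists.items():
        entries = verify_list(signed, keys[name])
        if entries is None or host not in entries:
            continue  # tampered list or host not listed: contributes nothing
        if entries[host] != seen:
            return "mismatch"
        agree += 1
    return "match" if agree >= quorum else "unknown"

# Constructed sample data: placeholder bytes stand in for real DER certificates.
GOOD_CERT = b"constructed-der-bytes-for-example.test"
ROGUE_CERT = b"constructed-der-bytes-from-an-interceptor"
KEYS = {"list_a": b"key-a", "list_b": b"key-b", "list_c": b"key-c"}
LISTS = {n: sign_list({"example.test": fingerprint(GOOD_CERT)}, k)
         for n, k in KEYS.items()}
```

A list whose keyed hash fails to verify is ignored rather than trusted, so one altered list cannot by itself produce a "match" or a "mismatch".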