Slashdot Mirror


Are Some CAs Too Big To Fail?

Trailrunner7 writes "In the wake of this weekend's revelations of the seriousness of the attack on certificate authority DigiNotar, security experts have renewed criticism of the Internet's digital certificate infrastructure, with some wondering if larger certificate authorities (CAs) might be too big to fail. Would Mozilla and Microsoft and Google have revoked trust in root certificates from VeriSign or Thawte had they been compromised? Unlikely. 'It's not a simple matter of removing certificates from a database, because they're not in any databases,' says researcher Moxie Marlinspike, who presented an alternative approach to the current SSL infrastructure last month at DEFCON. 'We may never track them all down.'"

3 of 163 comments

  1. User ignorance by betterunixthanunix · · Score: 3, Insightful

    Maybe we should do a better job of teaching people about computers and technology when they are in high school. CAs are able to get away with poor practices and poor security because most computer users have no clue what a CA is. If people would start disabling Thawte's certificates en masse, Thawte would be forced to protect its business by regaining the users' trust.

    --
    Palm trees and 8
  2. Too big to fail... by houstonbofh · · Score: 4, Insightful

    Too big to fail means too big to give a shit. Failure is the motivator for performance. With no cost for bad performance, there is no incentive for good. Just ask the "big" banks, or better yet, ask the customers...

    1. Re:Too big to fail... by Anonymous Coward · · Score: 2, Insightful

      Both Democrats and Republicans (and even Tea Partiers, from what I've seen....) are for big government. The argument is what part of the government should be big.

      We compromise by making both sides big.