Certificate Authorities under increasing spotlight

CNET has a long article "Hackers exploit chink in Web's armor"


and I have seen this story gaining very wide media acceptance.

If you look carefully you will see how DANE (if they don't mess it up) 
and DNSsec are going to form the first round of solutions to this problem.
There are never final solutions in security space, and that is why I mention
this as the first round. These solutions put states at the center of trust.

Even though governments are not a perfect, they are a lot more accountable in
democratically elected countries, and their sphere of influence as well as the
rules of intergovernmental action have been more and more clearly defined since
the second world war.

So a .ch domain will tell you that the company or individual you are connecting 
to is accountable to Swiss legislation, a .us to the legislation of the USA. So 
if you are communicating with wellsfargo.com the legislation will be US based you 
will know that the connection is as good as US security, and won't depend on the
weakness of the weakest link globally - which is to no link at all.

  Anyway, it is clear from these articles that DNSsec and Dane solve the first round
of problem. 


Social Web Architect

Received on Thursday, 24 March 2011 12:10:22 UTC