Thursday, April 7, 2011

Comodo and bogus SSL certificates

Oh boy. The Comodo Group, a certificate authority, was tricked into issuing SSL certificates for well-known domains to a bogus client. As Bruce Schneier wrote, "This isn't good."

I gave some background on this technology in December and August 2010. My blog entries aren't perfect but they give you the flavor of what's going on and why the Comodo story is important.

There are ways to mitigate the vulnerabilities introduced by corrupt or sloppy CAs (the Comodo Group appears to fall into the latter category), but some, if not all, of them require far-reaching changes to even more fundamental Internet technologies, such as the Domain Name System (DNS).

In short, there's no easy fix.
