
Open CA Authorities

Submitted by trainman on Thursday July 17 2008, @05:01PM
security
trainman writes "With the release of Firefox 3, those who have been using self-signed certificates for SSL now face a huge issue: the big, scary warning FF3 issues, which is very unintuitive for non-technical users. It seems Firefox is pushing more websites into the monopolistic arms of companies such as Verisign.

While there is good reason for CAs, to ensure the certificate a user is presented actually belongs to the domain you're visiting instead of being the result of DNS spoofing, most of the rationale for the need (and cost) to verify certificate applicants revolves around ensuring the applicant isn't simply trying to take advantage of domain typos or other social engineering exploits.

However, for smaller, especially non-profit groups, which will never have issues with domain typo scammers, this adds an extra and difficult-to-swallow cost. All the browser needs to do when visiting a site is ensure the certificate you're presented matches the domain you typed. Who that domain and certificate belong to is of no consequence. Surely a service such as this doesn't need the same level of scrutiny and cost since all that is being done is verifying domain and certificate match, not if the domain you've typed is the legitimate company you're seeking to contact. This extra hand-holding adds a tremendous cost and allows monopolistic companies such as Verisign to thrive.

Can organizations such as Mozilla not move towards a model that helps break this monopoly, helping establish a CA root authority that's cheap (free?) and only links the certificate to the domain, no actual verification of who owns the domain? Leave that to the user."