Carolina Advanced Digital Quotables
The (Not Quite) End Of Security On The Internet
InformationWeek Security Weblog
By George Hulme
Dec 30, 2008
Speaking at the 25th annual Chaos Communication Congress in Berlin, security researchers showed how they developed a rogue (forged) Certificate Authority digital certificate. Yes, this is a big deal. But no, the Internet isn’t broken.
Generally speaking, a certificate authority is the trusted source that signs digital certificates (such as SSL certificates), kind of like a notary does in the physical world. That’s why, when you’re at www.mybankingsite.com, you’ll see a lock in your browser. This should mean that the Web site actually is www.mybankingsite.com and that your Web traffic is being sent to that site through a secured communications tunnel.
But as colleague Mike Fratto explains in his post “Yes, Trust In The PKI Is Broken,” this new research shows that forging digital certificates is possible and practical.