Carolina Advanced Digital Quotables

    The (Not Quite) End Of Security On The Internet
    InformationWeek Security Weblog
    By George Hulme
    Dec 30, 2008

    Speaking at the 25th annual Chaos Communication Congress in Berlin, security researchers showed how they developed a rogue (forged) Certificate Authority digital certificate. Yes, this is a big deal. But no, the Internet isn’t broken.

    Generally speaking, a certificate authority is the trusted source that signs digital certificates (such as SSL certificates), kind of like a notary does in the physical world. That’s why, when you’re at www.mybankingsite.com, you’ll see a lock in your browser. This should mean that the Web site actually is www.mybankingsite.com and that your Web traffic is being sent to that site through a secured communications tunnel.

    But as colleague Mike Fratto explains in his post “Yes, Trust In The PKI Is Broken,” this new research shows that forging digital certificates is possible and practical.

    Read the story
    http://www.informationweek.com/blog/main/archives/2008/12/the_not_quite_e.html