Carolina Advanced Digital Quotables

Yes, Trust In The PKI Is Broken
InformationWeek Analytics
By Mike Fratto
Dec 30, 2008

The trust in digital certificates relies on the fact that the authority issuing the certificate has validated the identity of the person or company making the request and that the digital certificate can’t be forged. New research presented at the 25th Chaos Computer Congress shows that forging digital certificates is possible and practical. Trust in the SSL is now broken.

SSL digital certificates are signed by certificate authorities, or CAs. When you go to an SSL-enabled Web site, the browser checks to see if the certificate was signed by a certificate authority contained in the browser.

Read the story
http://www.informationweek.com/blog/main/archives/2008/12/yes_trust_in_th.html