Understanding Digital Certificates | Avast

David Strom, 3 February 2021

Learn about Google's latest CA ban in the latest episode of cert sagas



If you recall the scene in Meet the Parents where the characters played by Robert De Niro and Ben Stiller discuss the “circle of trust,” then today’s blog will resonate with understanding of how your own digital circles of trust are constructed.
When two computers exchange encrypted information, each must be inside the other’s circle of trust. In practice this means that one side presents a digital certificate that chains up to a root Certificate Authority (CA), and the other side already holds that root in its trust store. The most common case is the web: a browser will only trust a server whose certificate chains to a root that the browser (or its operating system) ships with, and with mutual TLS the server applies the same check to the client’s certificate. But many other applications (mail, VPNs, code signing, device management) also depend on certificates to enable encrypted operations. The key takeaway is that, just like Stiller’s character, these CAs sometimes wander outside their trust circles.
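To make the circle of trust concrete, here is an added shell example (not code from the Avast post) that builds a throwaway PKI with the openssl command-line tool: a root CA, a server certificate issued by that root, and a second "rogue" CA that issues a certificate for the same hostname. All names and hostnames used (Example Root CA, www.example.test, Rogue CA) are made up for illustration. The script then validates each certificate the way a browser would, by chaining it to a trusted root and matching the hostname, and finally shows what happens once the rogue root is added to the trust store.

```shell
#!/bin/sh
# Added example, not from the original post. Requires the openssl CLI.
# All subject names and hostnames below are fictitious.

set -u

# Build a throwaway PKI in a fresh temp dir and print its path:
#   root.pem / root.key             - the root CA we choose to trust
#   leaf.pem                        - server cert issued by that root
#   rogue-root.pem / rogue-leaf.pem - an unrelated CA and a cert it issued
#                                     for the very same hostname
build_demo_pki() {
  dir="$(mktemp -d)"
  # Self-signed root. openssl's default req config marks it CA:TRUE.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Root CA" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  # Server key + CSR. The extension file adds the SAN that clients actually
  # match against, and forbids using this leaf certificate as a CA.
  printf 'subjectAltName=DNS:www.example.test\nbasicConstraints=CA:FALSE\n' \
    > "$dir/leaf.ext"
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -days 365 -in "$dir/leaf.csr" \
    -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
    -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" 2>/dev/null
  # A second, unrelated CA signs the same CSR: a valid-looking certificate
  # for www.example.test that nobody asked for.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Rogue CA" \
    -keyout "$dir/rogue-root.key" -out "$dir/rogue-root.pem" 2>/dev/null
  openssl x509 -req -days 365 -in "$dir/leaf.csr" \
    -CA "$dir/rogue-root.pem" -CAkey "$dir/rogue-root.key" -CAcreateserial \
    -extfile "$dir/leaf.ext" -out "$dir/rogue-leaf.pem" 2>/dev/null
  echo "$dir"
}

# Validate a certificate the way a TLS client does: it must chain to a root
# in the given trust store AND carry the hostname we intend to talk to.
# Returns openssl's exit status (0 = trusted, non-zero = rejected).
verify_chain() {
  store="$1"; cert="$2"; host="$3"
  openssl verify -CAfile "$store" -verify_hostname "$host" "$cert" \
    >/dev/null 2>&1
}

pki="$(build_demo_pki)"

verify_chain "$pki/root.pem" "$pki/leaf.pem" www.example.test \
  && echo "leaf from trusted root:       accepted" \
  || echo "leaf from trusted root:       rejected"

verify_chain "$pki/root.pem" "$pki/rogue-leaf.pem" www.example.test \
  && echo "leaf from rogue CA:           accepted" \
  || echo "leaf from rogue CA:           rejected (issuer not in trust store)"

verify_chain "$pki/root.pem" "$pki/leaf.pem" evil.example.test \
  && echo "trusted leaf, wrong hostname: accepted" \
  || echo "trusted leaf, wrong hostname: rejected"

# Widen the circle of trust by one CA and the rogue certificate sails
# through: every CA in the store can vouch for any hostname.
cat "$pki/root.pem" "$pki/rogue-root.pem" > "$pki/wide-store.pem"
verify_chain "$pki/wide-store.pem" "$pki/rogue-leaf.pem" www.example.test \
  && echo "rogue leaf, rogue CA trusted: accepted (trust store too wide)" \
  || echo "rogue leaf, rogue CA trusted: rejected"

rm -rf "$pki"
```

The last check is the point of the whole exercise: the trust store is flat, so once a CA is inside it, everything that CA signs is accepted for any hostname, which is why a single compromised or careless CA can put every site on the web at risk.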
How this happens is usually one of two things: a deliberate attack (some hacker forcing their way into a CA’s issuing systems) or a genuine configuration mistake on the part of an administrator or programmer. Running a CA correctly is a very specialized field, and not many people have the skills or the experience to set one up and operate it safely.
As a result, over the years there have been some spectacular failures of trust with certain CAs – this blog post documents many of them. For example, back in 2011, an attacker completely compromised DigiNotar ..
