Next Change for SSL Certificates
-
Symantec's Sanjay Modi writes about the Future of SSL Certificates and how Google is hoping that greater security can be achieved through greater transparency.
-
Transparency in Security? Almost sounds like an oxymoron.
So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.
I get there's an extra level here with logging, but I don't get exactly how that's going to work. What is the log/audit actually checking to verify it? Is this basically the same thing as the Safe Site plugins some A/Vs make, but built into the browser instead of an add-on?
-
@thecreativeone91 said:
So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.
No, it does not mean that it has been hacked. This is really easy to do. I'm not sure at what stage you think that there is a verification for this currently but generally there is nothing.
-
@scottalanmiller said:
@thecreativeone91 said:
So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.
No, it does not mean that it has been hacked. This is really easy to do. I'm not sure at what stage you think that there is a verification for this currently but generally there is nothing.
But it has to be used at the domain it's issued for or else it will throw a mismatch error. Unless it's a wildcard cert.
-
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.
No, it does not mean that it has been hacked. This is really easy to do. I'm not sure at what stage you think that there is a verification for this currently but generally there is nothing.
But it has to be used at the domain it's issued for or else it will throw a mismatch error. Unless it's a wildcard cert.
That's a completely different piece of security. If you hijack DNS you completely bypass it.