Login  |  Register  |  Contact

Trust us, our CA is secure

We know what we're doing. Just ask us...Given the number of recent high profile CA compromises, it seems some of the folks who milk the SSL cash cow figured they should do something to sooth customer concerns about integrity. So what to do? What to do? Put a security council together to convince customers you take security seriously. From Dark Reading’s coverage of the announcement:

“We felt SSL needed a leader,” says Jeremy Rowley, associate general counsel for DigiCert, which, along with Comodo, Entrust, GlobalSign, Go Daddy, Symantec, and Trend Micro, today officially launched the new organization. “We felt a group of CAs, rather than one CA,” was a better approach, he says.

So the group will push for OCSP Stapling and then other technologies to be determined. But it’s not a standards body. So what is it again?

“CASC is not a standards body. Instead, we will work on helping people understand the critical polices on SSL and … promote best practices in advancing the trust of CA operations,” DigiCert’s Rowley says. “Our main goal is to be an authoritative resource on SSL.”

Guess these guys forgot that the weakest link breaks the chain. And out of the hundreds of root certs in the typical browser, one of those CAs will be the next weakest link.

Photo credit: “Trust us, we’re expert” originally uploaded by Phauly

—Mike Rothman

No Related Posts
Previous entry: RSA Conference Guide 2013: Security Management and Compliance | | Next entry: Facebook Hacked with Java Flaw


If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.



Remember my personal information

Notify me of follow-up comments?