Fall of Certificates

As ordinary Internet users we expect some kind of security, and that security is provided in the form of Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Both use a public key and a private key to secure the connection between two systems. But unless the remote host is trusted we cannot take the risk of connecting, even though the connection is fully encrypted, since such a step can lead to unexpected monitoring of our data. To solve this problem public keys are certified with digital signatures. The authorities that issue these certificates are known as Certificate Authorities (CAs). The digital certificates issued by these authorities are what usually guarantee a secure connection between you and the site you connect to; the certificates of the authorities themselves are stored in a database inside your web browser and are updated with regular browser updates. In this whole process the CA acts as a third party that you trust, creating a trust-based Public Key Infrastructure (PKI).

Now, the above security architecture is very secure, at least logically, but in reality it falls down: even though we have digital signatures from trusted CAs, that does not guarantee security on their part. The reason lies not in the model itself but in the CAs who digitize the signatures. The model failed to perform because of the human tendency to maximise economic gain. CA certificates are issued commercially, and besides commercial CAs they are also issued by large organizations, institutions and governments. The sites that matter most are usually certified by commercial CAs (since most of us don't trust our government where security is concerned). As time moved on, the number of sites applying to CAs for signatures increased considerably, in response to which CAs shortened the long scrutiny process. But every step defined in that scrutiny process was crucial: scrutiny time was reduced, and security was compromised. When people found malpractice being done just for economic gain they lost confidence in the trustworthiness of the model, even though the model itself was flawless. To overcome this distrust, CAs now ship Extended Validation (EV) certificates, which assure the user that a strict validation process was followed. But when the model itself was flawless and still became worthless for economic reasons, how much can we trust EV for validation and security?

The failure of a model due to human error is common, and so is blaming a good technology for it. Although the technology was flawless, attempts are being made to replace it because of its failure to provide the expected secure connection. As normal human beings we never forget to blame the technology rather than the people behind the failure of a good technology, but we can't deny the fact that a technology is also designed to cover human errors, so even I am giving my full support to the people who are now attempting a better replacement. I hope the next trust model, if it comes with a certificate, will not fall down for such reasons.

Note: The above is a short description of research work by Hagai Bar-El and his colleagues. He is among the people working on a new proposal to replace the CA model with a better one. The research paper was published a few months ago, and a little description of it is placed here for you. As a person interested in the same field I agree with the points made by Hagai Bar-El in his research work and support his further work on replacing the model, but as the research work is not mine I don't take liability for the accuracy of the data mentioned above, though I completely believe it is trustworthy.

About Hagai Bar-El: Hagai Bar-El heads a small group of consultants providing information and services related to computer and network security. He holds experience and expertise in various fields of computer and network security and also works in various security research programs.

A newer model may have been proposed, but currently we don't have information on it; as soon as we get further information, you will find it updated here.
