Researchers have proposed an extension to the Internet’s foundation of trust that’s designed to root out fraudulent secure sockets layer (SSL) certificates before attackers can use them to impersonate online banks and other sensitive websites.
The proposal, which was submitted Wednesday to the Internet Engineering Task Force, is designed to mend a fundamental crack in the SSL system, which is also referred to by a successor protocol called TLS, or transport layer security. With some 650 entities around the world authorized to issue digital certificates trusted by Internet Explorer, Chrome, Firefox, and other browsers, all it takes is the incompetence or malfeasance of one of them to bring the system down. That single point of failure was underscored by last year’s breach of certificate authority DigiNotar, which led to the issuance of a fraudulent credential used to snoop on 300,000 Google Mail users, most of whom were in Iran.
Read more at Ars Technica