Description: The SSL PKI as currently implemented in web browsers has the property that any one of N trusted CA organizations can certify any TLS endpoint. The past year saw at least three major published circumstances in which CA practices, or their interactions with other systems, would have left browsers vulnerable to practical man-in-the-middle attacks due to the weakness of just 1 of the N CAs.
We propose to address the browser PKI problem by modifying the TLS certificate verification algorithm to use more sources of information about a certificate's trustworthiness. Doing this will greatly improve the browser's trust user interface by simultaneously reducing the number of false positives (confusing warnings about certificates that are actually correct) and false negatives (failures to warn the user when a man-in-the-middle attack occurs).
Tags: securitytube, Confidence, hacking, hackers, information security, convention, computer security, Confidence 10, Confidence-2010