ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Next Change for SSL Certificates

    IT Discussion
    ssl ssl certificates google symantec
    2
    5
    2.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      Symantec's Sanjay Modi writes about the Future of SSL Certificates and how Google is hoping that greater security can be achieved through greater transparency.

      ? 1 Reply Last reply Reply Quote 2
      • ?
        A Former User @scottalanmiller
        last edited by

        Transparency in Security? Almost sounds like an oxymoron.

        So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.

        I get theres an extra level here with logging but I don't get exactly how that's going to work.. What is the log/audit actually checking to verify it? is this basically the same thing as the Safe Site plugins some A/Vs make but built into the browser instead of an addon?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @A Former User
          last edited by

          @thecreativeone91 said:

          So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.

          No, it does not mean that it has been hacked. This is really easy to do. I'm not sure at what stage you think that there is a verification for this currently but generally there is nothing.

          ? 1 Reply Last reply Reply Quote 0
          • ?
            A Former User @scottalanmiller
            last edited by A Former User

            @scottalanmiller said:

            @thecreativeone91 said:

            So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.

            No, it does not mean that it has been hacked. This is really easy to do. I'm not sure at what stage you think that there is a verification for this currently but generally there is nothing.

            But it has to be used at the domain it's issued for or else it will throw a mismatch error.. Unless it's a whild card cert..

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @A Former User
              last edited by

              @thecreativeone91 said:

              @scottalanmiller said:

              @thecreativeone91 said:

              So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.

              No, it does not mean that it has been hacked. This is really easy to do. I'm not sure at what stage you think that there is a verification for this currently but generally there is nothing.

              But it has to be used at the domain it's issued for or else it will throw a mismatch error.. Unless it's a whild card cert..

              That's a completely different piece of security. If you hijack DNS you completely bypass it.

              1 Reply Last reply Reply Quote 1
              • 1 / 1
              • First post
                Last post