
Problems with Certificates

In today's typical PKI, in which CAs distribute X.509-based certificates, several known problems exist. First, perhaps calling them certificates is a misnomer. As the definition implies, a certificate is a document testifying that its subject matter is true and authentic, officially and under the law. As with a Certificate of Birth or a Certificate of Deposit, the contents are deemed true, authorized, and sealed; their truth should not be questionable. Given the name, you would think a digital certificate serving to prove identity and validity would also be considered true beyond a doubt. However, that is not the case, and most CAs even have a disclaimer saying that they are ultimately not responsible for the contents or validity of a certificate. In the end, you are solely responsible for trusting a given certificate. Why then do you choose to trust a CA when you could do the same thing on your own in a distributed system such as PGP?

Certificates can be faked, stolen, or filled with invalid information. In early 2001, VeriSign was tricked into issuing two digital certificates under the identity of Microsoft. The certificates were issued to people claiming to be from Microsoft. They used the certificates to sign software that would be downloaded into people's Web browsers over the Internet. Because your Web browser trusts all digital certificates signed by VeriSign by default, your browser would immediately download and run the software of these malicious people. The attackers could have the software do anything they wanted, from wiping out your computer to spying on your activities for months to come.

