Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Rogue Google SSL certificate not used for dishonest purposes, Turktrust says

Lucian Constantin | Jan. 7, 2013
Turktrust, the Turkish certificate authority (CA) responsible for issuing an intermediate CA certificate that was later used to generate an unauthorized certificate for google.com, claims that the bad Google certificate was not used for dishonest purposes.

"So once again we go through the process of revoking these [sub-CA] certificates and deciding how much future trust to put in Turktrust," Chester Wisniewski, a senior security advisor at antivirus vendor Sophos, said Friday in a blog post. "It is really time we move on from this 20-year-old, poorly implemented system. Whether it is the Public Key Pinning Extension for HTTP, Convergence, Trusted Assertions for Certificate Keys (TACK) or DNSSEC-TLS [technologies proposed to fix or replace the CA-based model] we've got to pick something and start implementing it."

 

Previous Page  1  2  3  4 

Sign up for Computerworld eNewsletters.