Via Slashdot, phishers are using valid SSL certificates. SSL isn’t particularly strong crypto, and much of its value proposition comes from the fact that the issuers do some checking to make sure the applicant is who they say they are.
This is a stark illustration that identity has nothing to do with malicious intent. Or that the SSL certificate authorities are asleep at the wheel.