These are questions that arise from this study: How secure is HTTPS today? How often is it attacked? | Electronic Frontier Foundation
The most interesting entry in that table is the "CA compromise" one, because those are incidents that could affect any or every secure web or email server on the Internet. In at least 248 cases, a CA chose to indicate that it had been compromised as a reason for revoking a cert. Such statements have been issued by 14 distinct CA organizations.
The problems with the CA system and TLS authentication are urgent and structural, but they can be fixed.
They promised to post solutions…
I’m thinking a new protocol will be developed, but unsure yet.
I don’t think it needs to be fixed; I think it needs to be redeveloped.
Well, my 2 cents
Thanks Jacob… I’ve forgotten this thread.
Glad the discussion arose again
PKI has not been compromised.
Network security has.
The PKI model is still valid. Improvements can always be made and welcome.
The latest attacks are “NOT” about breaking the PKI infrastructure but penetrating the network security that protects the PKI infrastructure.
Thanks Melih. But it got that much technical for me. What is PKI?
Correct me if I’m wrong,
PKI (Public Key Infrastructure): The primary structure for how digital certs are used in today’s world, from distribution to revoking, from creating to storing.
If the problem is the network security behind, well the whole model should be hardened or it will be itself compromised imho.