Skip to main content

Posts

Showing posts from September, 2011

New Trust Solutions

With the all of the activity circling around SSL certs and CA trust, there is an inherent trust problem.  Internet users have been taught to trust the PKI scheme that we use for all secure browsing activity.  There are two very valid cases for the destruction of this trust:

1.  Law-enforcement / Government interception.  There are product vendors whose business model is to supply equipment to law enforcement and government clients which can "law-fully" intercept communications without the knowledge of the end-user.  Example is www.packetforensics.com.  Although I do not have a link (can anyone supply a corroborating link?), there are several product pages that are not publicly accessible which would likely confirm this fact.  In order for these products to work, the SSL certs that are used would have to be trusted by the browser software to avoid being detected as un-trusted.  I am theorizing that these certs would be generated by one of the trusted roots within the existing…