[conspire] question about "thawte" - how secure are websites covered by thawte
Rick Moen
rick at linuxmafia.com
Thu Sep 3 14:56:52 PDT 2009
Quoting Darlene Wallach (freepalestin at dslextreme.com):
> Does anyone know anything about "thawte" - how secure are websites
> covered by thawte, the thawte trusted site seal?
Ehud is correct.
However, next time you're at my house, thumb through security expert
Bruce Schneier's chapter about just how worthless SSL Certificate
Authorities are in my copy of his book _Beyond Fear_.
That is, the SSL certificate is probably cryptographically strong, as is
the Certificate Authority's digital signature, but the CA is actually
attesting to far less than you assume they are. Also, the CAs'
procedures to validate the identity of their customers (and their
customers' representatives with whom they deal) are typically so
lax as to be meaningless. Schneier's expose -- a scathing critique of
the CA industry -- is really an eye-opener.
Here's a list of CAs at the Open Directory Project:
http://www.dmoz.org/Computers/Security/Public_Key_Infrastructure/PKIX/Tools_and_Services/Third_Party_Certificate_Authorities//