by rmoriz
4148 days ago
Yes and no. Nothing is 100% secure, and new CA players will bring higher encryption usage overall (in this case -> other business model/regional reach). Higher usage will also drive the number of criminals (including secret agencies) trying to MITM/intercept that encryption. This will push vendors and developers to increase certificate pinning and other "bottom-up" models besides the top-down model that the CA model implements. IMHO it would be great to have a "working by default" model (which the CA model is, compared to something like PGP) and a protocol-independent way to pin public keys (e.g. not tied to HTTP/S like HSTS and HPKP). People and companies in need of "higher" security can pin keys and e.g. ignore the root trust of their OS/browser. So IMHO the best of "both" worlds.

HSTS: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

HPKP: https://developer.mozilla.org/en-US/docs/Web/Security/Public...

[1] http://tack.io/
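As an added illustration of the HPKP pinning the comment refers to (example code, not part of the original comment or of any project it mentions): an HPKP pin is the base64 SHA-256 of a certificate's DER-encoded SubjectPublicKeyInfo, and RFC 7469 requires a max-age plus at least two pins, one of them a backup pin not present in the served chain, so that a key rollover cannot lock out the site. The SPKI byte strings below are constructed stand-ins, not real keys.

```python
import base64
import hashlib

# Constructed sample SPKI blobs (placeholders, not real DER-encoded keys):
# in practice these come from the leaf/intermediate certificates in the TLS chain.
LEAF_SPKI = b"constructed-leaf-spki"
BACKUP_SPKI = b"constructed-backup-spki-kept-offline"


def spki_pin(spki_der: bytes) -> str:
    """HPKP pin value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_hpkp(header: str) -> dict:
    """Parse a Public-Key-Pins header value into pins, max-age and the includeSubDomains flag."""
    pins, max_age, include_sub = [], None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.append(value)
        elif name == "max-age":
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    return {"pins": pins, "max_age": max_age, "include_subdomains": include_sub}


def header_is_valid(parsed: dict) -> bool:
    """A header without max-age or with fewer than two pins must be ignored by the client."""
    return parsed["max_age"] is not None and len(parsed["pins"]) >= 2


def chain_matches_pins(chain_spki: list, pins: list) -> bool:
    """Validation passes if any SPKI in the served chain hashes to one of the pinned values."""
    pinset = set(pins)
    return any(spki_pin(spki) in pinset for spki in chain_spki)


def has_backup_pin(chain_spki: list, pins: list) -> bool:
    """At least one pin must NOT match the served chain, i.e. a real backup key exists."""
    served = {spki_pin(spki) for spki in chain_spki}
    return any(pin not in served for pin in pins)


def build_header(pins: list, max_age: int) -> str:
    """Assemble a Public-Key-Pins header value from pin strings (for the server side)."""
    return "; ".join([f'pin-sha256="{p}"' for p in pins] + [f"max-age={max_age}", "includeSubDomains"])
```

Note that a mismatching chain (e.g. a certificate issued by an otherwise-trusted CA that the site never pinned) fails `chain_matches_pins`, which is exactly the "ignore the root trust of the OS/browser" effect the comment describes.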