PKI Archive

Meet the Challenge


One of my principles is to view problems as challenges. Basically there are no problems for me, there are only challenges. And who doesn’t love to meet the challenges which are placed upon and in front of us? I love to tackle challenges from small to big!
Some time ago my friend Gervase Markham, author-developer of […]

Glitch or Negligence?


In continuation of my article on Untrusted Certificates, I’m trying to set the record straight on whether this was a glitch in the software of the reseller or really negligence on the part of Comodo. The reseller (actually they were supposed to be a registration authority) maintained that it was the result of unintentional mistakes and a […]

Full Disclosure


During the night of the 19th - 20th of December a critical event occurred at the StartCom CA. With the help of a proxy tool like WebScarab an attack to overcome the domain validations system was successful. The event was handled efficiently and correctly by StartCom and in order to shed full light on what […]

MITM attacks - do they really happen?


(If you happen to know what an MITM attack is, fast forward to here)
The man-in-the-middle (MITM) attack is the attempt by an attacker to implant himself between the client (browser, mail client, IM client) and a server serving some web page or other content. The attacker receives all requests and responses to and from the […]

Enjoy your fruits apple


It’s about time to enjoy your fruits - I mean your Apple!
Apple Inc. extended its trust to the StartCom Certification Authority and shipped with their latest updates the newest root CA certificates to their various products. Since version 10.5.5 of Macintosh OS X Leopard, the OSX Root Keychain features both CA roots of StartCom and […]

Accountability and Privacy


The only condition and requirement StartCom puts forward to potential subscribers of free digital certificates and other services the StartCom Certification Authority provides, is that the subscriber must disclose his private details. This means, the name and address of residence (home address) must be provided during registration for a StartSSL account.
Obviously many try to circumvent […]

SSL with Firefox 3


The new Firefox 3 browser is fast approaching its final release to the public and millions of fans will download the new product from Mozilla this month. For me this is a very exciting event and a great opportunity to show you which changes and improvements will affect us, especially in relation to SSL secured […]

Announcing Better Trust™


Long before browser vendors decided that the infamous padlock isn’t sufficient anymore for indicating a secure connection, I felt that I’d like to know much more about the certificates websites are using. Until today I either knew if the certificate was issued from one of the root certificates the browser vendor deemed trustworthy enough to […]

Chaos of Randomness


The previously reported bug in the Debian OpenSSL library had besides the directly associated negative impact also brought forward a lot of good things! Consciousness about random numbers (unpredictable numbers) and their importance in cryptography and security in general, has highly improved, as many discussions on mailing lists and forums can attest. New tools for […]

Extended Validation - What it really means


I’m going to give you a better understanding about what extended validation (EV) means and what it really gives to you. Throughout many discussions at Mozilla and elsewhere - and especially since my last article about spoofing the secure state of the upcoming Firefox browser, EV certificates are touted by many as the solution […]