Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
iluom
Contributor II
‎04-29-2019 02:03 AM
‎04-29-2019 02:03 AM

Certificate Transparency (CT) looks promising to the rescue

 

Browsers can usually detect malicious websites that are provisioned with forged or fake x.509 certificates. Thanks to digital signatures and encryption. However, current cryptographic mechanisms aren’t so good at detecting malicious websites if they’re provisioned with mistakenly issued certificates or certificates that have been issued by a certificate authority (CA) that’s been compromised or gone rogue. This type of CT protects against the possibility that a public CA may be compromised.

 

Certificate Transparency RFC:6962

https://tools.ietf.org/html/rfc6962

 

 

Chandra Mouli, CISSP, CCSP, CSSLP
Reply
0 Kudos
0 Replies