Support for notary server for CA support evident at RSA conference

Support for notary server for CA support evident at RSA conference

Companies using Symantec or VeriSign SSL certificates may see some changes coming soon, as one researcher at the RSA Conference 2012 in San Francisco discussed some of the issues of certificate authority security according to TechTarget.

According to the news source, the movement began last summer to move toward a new network of notary servers to validate SSL certificates. This would allow the users to choose which CA they trust and be able to revise that decision whenever they need to. Moxie Marlinspike, who introduced this concept, said the notary servers offer ecommerce companies another way to shore up their web security. He gave the example of the current system with Comodo, one of the 650 issuing CAs.

“I can remove Comodo from my trust database, but if I do that, one quarter of the Internet is no longer accessible. Yes I can take the ideological stance to never visit them again, but in reality, this is not an appropriate response,” Marlinspike said, according to the news source. “This is true for the browser vendors too; they cannot remove them. Comodo knows this. We made a decision to trust Comodo and we’re locked into trusting them forever. This is the essence of the problem.”

So far, people with high assurance SSL certificates may not have noticed much movement toward convergence. Google said it would not deploy this method in its Chrome browser. Even so, convergence could pick up steam if those at the RSA Conference like the idea.