Private I: Trust and verify for network certificate roots<article>
<section class="page">
<p>
In a post on March 23, Google’s
security team explained that it had discovered that someone was delivering digital certificates to users for Google domains that weren’t authorized by Google. A quick investigation discovered that a Chinese certificate authority (CA), CNNIC, had improperly given a reseller enough power to create verifiable certificates for any domain in the world.</p><p>
With a verifiable certificate,
any seemingly secured web connection can be intercepted by a party that can insert a tap into a network point between the browser and the server. It’s bad.</p><p class="jumpTag"><a href="/article/2902173/private-i-trust-and-verify-for-network-certificate-roots.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>
Source:
Private I: Trust and verify for network certificate roots
