12. April 2011

How is SSL hopelessly broken? Let us count the ways • The Register.

Excellent article discussing the flaws in SSL – mostly problems with Certificate Authorities. The comments are also worth reading.

However, the deeper problem is that most end users don’t understand the three types of certificates: Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV).

Browsers need to alert consumers to the three types and indicate the low level of trustworthiness of DV certs. Consumers would then begin to shy away from sites using DV certs, which would push web sites to use OV and EV certs. Without this, web sites are going to continue to use DV certs.

While this won’t solve all of the SSL problems Dan Goodin identified, I think it would be a big improvement.