Wednesday, March 23, 2011

How trustworthy is the CA model


Recently a hacker with Iranian IP addresses managed to compromise a partner account at Comodo Group's CA and procured eight legitimate SSL cert for the following 6 respectable domains:,,,, and

Web browser makers frantically tried to update browsers to exclude the bogus certificates and Mozilla managed to plead with a famous security researcher, Jacob Appelbaum to withold information from public before patches are sent out.

How secure is the CA trust model after all ? Considering the use of TOR network instead of centralised CA ?

No comments: