MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
certificates
Search

Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks

Tuesday June 18, 2019. 03:00 PM , from Ars Technica
Enlarge (credit: nternet1.jpg by Rock1997 modified.)
Content delivery network Cloudflare is introducing a free service designed to make it harder for browser-trusted HTTPS certificates to fall into the hands of bad guys who exploit Internet weaknesses at the time the certificates are issued.
The attacks were described in a paper published last year titled Bamboozling Certificate Authorities with BGP. In it, researchers from Princeton University warned that attackers could manipulate the Internet’s border gateway protocol to obtain certificates for domains the attackers had no control over.
Browser-trusted certificate authorities are required to use a process known as domain control validation to verify that a person requesting a certificate for a given domain is the legitimate owner. It requires the requesting party to do one of three things:
Read 10 remaining paragraphs | Comments
https://arstechnica.com/?p=1523561

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2019 Zicos / 440Network
Current Date
Oct, Sun 20 - 01:29 CEST