Author Topic: The coming Google Symantec Certification battle has been started...  (Read 2756 times)

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29561
  • malware fighter
Re: The coming Google Symantec Certification battle has been started...
« Reply #15 on: September 12, 2017, 12:42:51 PM »
More CA trouble now concerning lack of Comodo CAA checking, reported here: https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg08028.html

Somehow the general infrastructure stays 'borked', Microsoft for instance not acting against audio-eavesdropping by microphone and certain surveillance parties blaming Kaspersky for doing so. Double standards rule and political bias is taken as the red herring.

The provided 0-day holes are so-called "features", those that wanna protect you against it are portrayed as 'evildoers'.

Those that matter do not listen, those in the know do not matter, so everything stays "borked" as pre-designed.  :o

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online polonus

« Reply #16 on: September 12, 2017, 08:14:45 PM »
Polonus would not be polonus if he did not come up with some CAA checking links:

https://www.ssllabs.com/ssltest/analyze.html?d=

CAA record helper: https://sslmate.com/caa/

DNS CAA Tester https://caatest.co.uk/

For monitoring (free for up to 5 domains) https://sslmate.com/signup?for=certspotter

enjoy, my good friends, enjoy,

polonus
« Last Edit: September 12, 2017, 08:16:52 PM by polonus »

Online polonus

« Reply #17 on: September 13, 2017, 12:41:58 PM »
The whole thing with certificates should be about "trust", but it is all only about the money, and trust here is a secondary issue.
Moreover 90% of users do not have an idea why they should trust a green padlock inside their browser or not.

With such an action both Google and Symantec protect themselves against loss of money, as certificates do not lose their value immediately, so expensive certificates are not turned into worthless ones. Taking months for all of this to happen, Google can put the blame at certification not being renewed within time, and prevents both Google and Symantec from losing money.

The old infrastructure is not failing because of a newer infrastructure being introduced. Otherwise we would have had a real "trust" crisis, and users would not trust certification like in the past. Browsers, CA vendors, accountants all profit from/depend on the financial position of this CA system, so when you can no longer visit a particular website inside the browser, vendors lose money and new buyers stay away. With a multi-billion system no one wants to lose money when a CA or an accountant is not performing as it should.

As polonus sees it, the Internet infrastructure as such is experiencing the greatest trust crisis of all times. Only most are not aware of what is happening, and some even do not care.

It is all about the status-quo between those that want to keep the infrastructure secure and those that wanna keep it zero-holed to quite an extent. It is a very, very difficult balancing act all the way,

polonus (volunteer website security analyst and website error-hunter)

Offline Asyn

« Reply #18 on: September 15, 2017, 10:34:34 AM »
Win 8.1 [x64] - Avast Premier 17.7.2312.Beta#2 - CC 5.35 [OD] - MCS [OD] - EEK [OD] - FF ESR 52.3 [NS/uBO] - Thunderbird 52.3 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos): https://forum.avast.com/index.php?topic=60523.0

Online polonus

« Reply #19 on: September 19, 2017, 07:59:52 PM »
On the backgrounds of trust, we should read this paper: https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

polonus