Mozilla Asks All CAs To Audit Security Systems 77

Trailrunner7 writes "Already having revoked trust in all of the root certificates issued by DigiNotar, Mozilla is taking steps to avoid having to repeat that process with any other certificate authority trusted by Firefox, asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that two-factor authentication and other safeguards are in place to protect against the issuance of rogue certificates."

  • by DarkFencer ( 260473 ) on Thursday September 08, 2011 @05:08PM (#37345206)

    It really is security theater now. I've had to get certs from various vendors for the .edu I work at. They need 'official' documents from 'someone important'. Like a letter on official-looking letterhead with a copy of a photo ID faxed to them. Yeah. Real secure. Lemme break out my copy of Photoshop.

    How about at the very least the verifications some sites use to show that you control a domain? For example, the CA says that in order to verify 'somesystem.somewhere.com' we're going to need you to put this arbitrary string in a TXT record on your DNS server for that host.

    When setting up a domain on Google Apps or MS Live (or other places) they ask you to do this as one of the things to do to prove domain ownership. Yes - obviously if your DNS is owned this isn't a problem, but it's a heck of a lot better than the process now.
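
The TXT-record check described in the comment above, sketched as an added example (not part of the original comment and not any CA's actual code). The record prefix, the seven-day validity window and the injected `resolve_txt` lookup are assumptions; the zone data is constructed.

```python
import hmac
import secrets
import time

TOKEN_TTL = 7 * 24 * 3600            # assumed validity window, in seconds
PREFIX = "example-ca-validation="    # hypothetical prefix, not a real CA's format


class DomainChallenge:
    """A random string the CA asks the applicant to publish in DNS."""

    def __init__(self, hostname, now=None):
        self.hostname = hostname.rstrip(".").lower()
        self.token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.issued_at = time.time() if now is None else now

    def expected_record(self):
        return PREFIX + self.token


def verify_challenge(challenge, resolve_txt, now=None):
    """Return True only if one TXT record equals the expected value exactly.

    resolve_txt is a caller-supplied function (hostname -> list of TXT
    strings); it stands in for a real DNS query so the example runs offline.
    """
    now = time.time() if now is None else now
    if now - challenge.issued_at > TOKEN_TTL:
        return False                 # stale challenges are never honoured
    expected = challenge.expected_record().encode()
    matched = False
    for record in resolve_txt(challenge.hostname):
        # Whole-value, constant-time comparison: no prefix or substring match.
        if hmac.compare_digest(record.strip().encode(), expected):
            matched = True
    return matched


def demo():
    ch = DomainChallenge("somesystem.somewhere.com", now=1_000_000)
    # Constructed zone contents: an unrelated TXT record plus the challenge.
    zone = {"somesystem.somewhere.com": ["v=spf1 -all", ch.expected_record()]}
    lookup = lambda host: zone.get(host, [])
    return {
        "published": verify_challenge(ch, lookup, now=1_000_100),
        "missing": verify_challenge(ch, lambda h: ["v=spf1 -all"], now=1_000_100),
        "guessed": verify_challenge(ch, lambda h: [PREFIX + "guess"], now=1_000_100),
        "expired": verify_challenge(ch, lookup, now=1_000_000 + TOKEN_TTL + 1),
    }
```

As the comment notes, this only proves control of the DNS zone, so a compromised DNS server passes the check as well.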

  • by LordLimecat ( 1103839 ) on Thursday September 08, 2011 @05:12PM (#37345242)

    I was going to reply point by point to your complaints, but then I realized:
    A) you're an AC, and probably trolling, and know that if you posted under your real handle your karma would tank because..
    B) most of your complaints are garbage because...
    C) they have all been addressed before in about a zillion threads, and
    D) your entire post is off topic anyways.

  • by StripedCow ( 776465 ) on Thursday September 08, 2011 @05:21PM (#37345320)

    ...unless you submit yourself to an INDEPENDENT audit you will be revoked from our default trusted root certs

    In the case of Diginotar, Price Waterhouse Coopers was doing the audits.
