As the security industry attempts to move on from the Comodo security breach, Google is shedding light on its plans for securing Secure Sockets Layer (SSL) certificates.
In a posting to the Google Online Security blog, security team engineer Ben Laurie outlined plans for a pair of projects which the company hopes will help to prevent future security incidents and restore user trust in online certificates.
The first project is an online catalogue for certificates. Laurie explained that the company is using its web crawling software to pore over sites and gather information on security certificates.
The company plans to turn the collection into the Google Certificate Catalog, a service which will function as a database of SSL certificates, allowing connections to verify the authenticity of online certificate data.
In addition to the database, Google said that it would be working with the DNS-based Authentication of Named Entities (DANE) working group. The group is working to build a platform which can specify and validate the signing of online certificates.
“In the wake of the recent Comodo fraud incident, there has been a great deal of speculation about how to improve the public key infrastructure, on which the security of the Internet rests,” Laurie wrote.
“Unfortunately, this isn’t a problem that will be fixed overnight.”
Laurie was referring to the recent crisis with security firm Comodo in which a hacker was able to gain access to company data and then use the information to generate fake security certificates.
A hacker from Iran later claimed responsibility for the attacks.