Access your Pro+ Content below.
Will TLS 1.3 solve the problems of certificate authorities?
Sponsored by SearchSecurity.com
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocols have long been the cornerstone of Web application security, and the whole process finds its root (quite literally) in a system of signed certificates. The trouble is this security system has turned into a vulnerability. Too often an enterprise possesses a hodgepodge of signed certificates from various Certificate Authorities (CAs) that are thrown into the directories of protected services, and then often forgotten until they expire. Worse yet, recently hackers have managed to create fake certificates. CAs -- once a seemingly effective answer to ensuring Web security -- are now providing an attack surface for hackers to take advantage of.
This technical guide surveys the CA landscape, opening with a field report on the latest CA security issue, the problem of fake certificates. To help explain the nature of this threat, our second chapter delves into the certificate system, current problems with it, and what enterprise IT staff can do. This guide’s closing chapter examines industry efforts to cope with the threat: TLS 1.3. Through this guide, IT professionals, and especially those concerned with network security, will learn the latest about TLS/SSL security.
Table Of Contents
- Fake SSL certificates, real security headaches
- The trouble with certificate authorities
- TLS 1.3 to the rescue