Skip to main content
banner image
venafi logo

How Are We Still Talking About Broken Trust?

How Are We Still Talking About Broken Trust?

generic_blog_banner_image
August 13, 2015 | Mark Miller

We live in the age of technology. It is a fast-paced, break-neck ride to deliver great solutions—everything from the largest, complex integrated solution to the single, simple iPhone app. With online solutions a part of so much of our everyday lives, why are we still talking about digital certificates, the backbone of internet communication, being broken?

I will tell you why. It’s hard. Once Netscape introduced the SSL protocol used with x.509 certificates in 1994, it was obvious we needed to fix online communication and FAST. We seized the quickest solution and the use of x.509 certificates with SSL for online communications soared. With this protection, online commerce exploded with the confidence that identity and privacy could be ensured.

Well, the internet is all “grow’d up” and our SSL/TLS solution needs to be refitted. Moxie Marlinspike at Defcon 19 in 2011 told an over-packed audience of hackers at the Rio in Las Vegas that the way we establish trust needs to change; we need to take the power back from trust stores that have been force-fed into our systems and make our own intelligible decision on who or what we want to trust. Convergence Beta was then created.

I just got back from Defcon 23 and, yet again, there were several talks on exploiting digital certificate weaknesses. Besides the few sneaky hacks I saw, it was interesting to see a solution proposed to the open source community to try and help our broken trust. A couple of guys, for the love of protected communications, came up with a product called TLS Canary (warning: the content is provocative). In real time, it will check the trustworthiness of the certificate you are trying to access and tell you whether it is good or bad.

Defcon 23 Discusses Broken Online Trust

There are now several approaches to certificate trustworthiness, but we need to ensure that we’re turning to a comprehensive source. Google is running the Google CT (Certificate Transparency) project, TLS Canary has been developed, and we have the SSL Observatory. In addition, some people are trying to solve issues with certificate pinning. Good, great! Finally we have several groups out there pushing for and delivering solutions. Everyone is starting to see the issue that Venafi has been solving for years. Venafi, the Immune System for the Internet™, provides the single most comprehensive source of certificate trustworthiness.

Venafi has a platform that not only helps you establish what to trust through its TrustNet product, but will also bring order to the chaos that is your PKI (Public Key Infrastructure) and keys though the Trust Protection Platform. Technology overall has been slow to address its trust issues, and understandably, because it’s hard. But let’s heal our known broken trust issues already so we can get new, interesting topics at Defcon!

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

digital transformation, IT, vendor manager, new IT

Why Automation Is the Mantra of the New IT

phishing, phishing attack, cyber security

Are IT Professionals Training Our Users to be Phished?

certificate outages

Let’s Talk about Murphy’s Law for SSL/TLS x.509 Certificate Outages

About the author

Mark Miller
Mark Miller

Mark Miller is Senior Director, Enterprise Security Support, at Venafi, where he works with hundreds of the world’s largest companies to develop and implement strong, resilient cybersecurity strategies across a constantly evolving set of interlocking technologies. Mark has focused on building and leading strong teams to solve difficult product issues.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat