An old adage in cryptology is that encrypting data is always easy, but key distribution is always hard. Just a few days ago, Google reported that yet another wrongfully issued certificate had been found for Google’s domains. As a result of many incidents and problems with CA-issued certificates, many different proposals have been made to improve the system. Google’s Certificate Transparency page compares some of the proposals, but it did not include my favorite idea, I thought it did not do justice to some of the other competing proposals, and it glossed over some of CT’s big issues. I evaluated all the proposals according to these criteria and put together the spreadsheet below to compare their strengths and weaknesses.
CA, Certificate Authority, Certificate Pinning, Certificate Transparency, Client certificates, Client SSL, Convergence, DANE, DNS Authentication of Named Entities, HTTPS, SSL, TACK, TLS, Trust Assertions for Certificate Keys
You are currently browsing the archives for December, 2013