Can You Trust Online IDs?
These digital certificates include a key pair that allows the holder to encrypt data or to prove the origin and authenticity of documents sent with them. They are used to digitally sign programs so that the recipient knows they come from a trusted party and are safe to activate. Fraudulently obtained certificates could be used by an attacker to fool users into running an unsafe program. Microsoft issued an update that installs a certificate revocation list (CRL) listing the two fake certificates, so a user encountering a program signed by either certificate will see that it has been revoked. The update will also turn on the CRL checking function in Internet Explorer to check software publishers' certificates.
"There are things that could have been done in the past that would have prevented this from being a problem," says Shawn Hernan, a technical staff member at the Computer Emergency Response Team (CERT). "Microsoft has chosen in the past not to enable the features that would have checked for revoked certificates automatically, though that's not entirely their fault. That's what the public has been demanding: ease of use and simple, unobstructed access to their favorite sites."
Mahi de Silva, vice president and general manager for applied trust services at VeriSign, says that there are other reasons that automatic CRL checking has not been popular. "You have the potential that the CRL could be large and there might be some issues of network timeouts when the system tries to retrieve it," he says.
Despite those concerns, de Silva says that automatic CRL checking will become more widespread. "The entire infrastructure for PKI will look at this and say, 'This is something we need to do to make the system even better than it is today.'"
Hernan agrees that the software industry can rise to the challenge. "I'm sure the [IT] community could respond to develop clever solutions to make it go acceptably fast," he says. "I'm hopeful that quick, high-speed CRL checking will be one of the results of this."
|Article Type:||Brief Article|
|Date:||Jun 1, 2001|