Paper: "Economic Failures of HTTPS Encryption"


Dave Schaefer

Dec 2, 2014, 12:35:52 AM
to perspect...@googlegroups.com
This is an interesting note on Bruce Schneier's blog:

"Recent breaches at CAs have exposed several systemic vulnerabilities and market failures inherent in the current HTTPS authentication model: the security of the entire ecosystem suffers if any of the hundreds of CAs is compromised (weakest link); browsers are unable to revoke trust in major CAs ("too big to fail"); CAs manage to conceal security incidents (information asymmetry); and ultimately customers and end users bear the liability and damages of security incidents (negative externalities).

Understanding the market and value chain for HTTPS is essential to address these systemic vulnerabilities. The market is highly concentrated, with very large price differences among suppliers and limited price competition. Paradoxically, the current vulnerabilities benefit rather than hurt the dominant CAs, because among others, they are too big to fail."


https://www.schneier.com/blog/archives/2014/11/economic_failur.html

Stefano Fornari

Dec 2, 2014, 4:15:06 PM
to perspect...@googlegroups.com
thanks for sharing!

Ste