Editing Public key infrastructure (section)
== Criticism ==
{{see also|X.509#Security|Comodo Group#2011 breach incident|Diginotar#Issuance of fraudulent certificates}}
Some argue that purchasing certificates for securing websites by [[Transport Layer Security|SSL/TLS]] and securing software by [[code signing]] is a costly venture for small businesses.<ref>{{cite web |url=https://www.forbes.com/sites/richardstiennon/2013/05/14/should-we-abandon-digital-certificates-or-learn-to-use-them-effectively |title=Should We Abandon Digital Certificates, Or Learn to Use Them Effectively? |work=[[Forbes]]}}</ref> However, the emergence of free alternatives, such as [[Let's Encrypt]], has changed this.

[[HTTP/2]], the latest version of the HTTP protocol, allows unsecured connections in theory; in practice, major browser companies have made it clear that they would support this protocol only over a PKI-secured [[Transport Layer Security|TLS]] connection.<ref>{{cite web |url=https://http2.github.io/faq/ |title=HTTP/2 Frequently Asked Questions |via=GitHub |work=HTTP/2 wiki}}</ref> Web browser implementations of HTTP/2, including [[Google Chrome|Chrome]], [[Firefox]], [[Opera (web browser)|Opera]], and [[Microsoft Edge|Edge]], support HTTP/2 only over TLS, using the [[ALPN]] extension of the TLS protocol. This would mean that, to get the speed benefits of HTTP/2, website owners would be forced to purchase SSL/TLS certificates controlled by corporations.

Currently the majority of web browsers are shipped with pre-installed [[Public key certificate#Intermediate certificate|intermediate certificates]] issued and signed by a certificate authority, using public keys certified by so-called [[root certificates]]. This means browsers need to carry a large number of different certificate providers, increasing the risk of a key compromise.<ref>{{cite web |title=Root Certificate vs Intermediate Certificates |url=https://aboutssl.org/root-certificates-vs-intermediate-certificates/ |access-date=2022-05-02 |website=About SSL |language=en-US}}</ref> When a key is known to be compromised, this can be remedied by revoking the certificate, but such a compromise is not easily detectable and can be a huge security breach. Browsers have to issue a security patch to revoke intermediary certificates issued by a compromised root certificate authority.<ref>{{cite web |work=Microsoft Security Advisory |title=Fraudulent Digital Certificates could allow spoofing |url=http://support.microsoft.com/kb/2524375 |date=March 23, 2011 |access-date=2011-03-24|publisher=Microsoft}}</ref>