I had recently pontificated on the subject ... in my own post
http://www.garlic.com/~lynn/2012n.html#71
Because many of the security requirements were almost immediately violated in the way it was deployed and used ... we started referring to the associated SSL digital certificates as "*comfort certificates*" ... instead of providing security, they provided a feeling of comfort.
I would come down on the side that the vested business interests in the current status quo have helped act as a barrier to introduction of more secure alternatives.
Posted by Lynn Wheeler at October 21, 2012 10:08 AM
There are many, many vested interests in the status quo of SSL x.509 PKI:
1.) The companies that make money selling these certificates don't really want a more secure alternative to exist unless they can charge more for it .... the whole extended validation / green bar thing.
2.) Companies that make money selling commercial firewalls don't really want a more secure alternative to exist in mainstream use ....
http://www.computerworld.com/s/article/9224082/Trustwave_admits_issuing_man_in_the_middle_digital_certificate_Mozilla_debates_punishment
3.) Big business intelligence interests ....
4.) Big government intelligence interests .... this one's obvious.
5.) Organized criminal interests ....
http://www.computerworld.com/s/article/9232117/Cybercriminals_plot_massive_banking_Trojan_attack
6.) Businessmen/CIO types who already did their "due diligence," and just want to go on with their day without questioning it ....
... just to name a few.
Posted by JustinL at October 28, 2012 05:57 PM