Web security depends heavily on a large Public Key Infrastructure (PKI). However, the design of this PKI does not match the theoretical structure of an ideal one. This leads to user confusion and potential security holes. We also describe the major repair proposals, DANE and Certificate Transparency, and show their limitations. We conclude by discussing the attributes of a good solution.
Details anzeigen