OpenSSL PKI security architecture.
At its heart, an X.509 PKI is a security architecture that uses well-established cryptographic mechanisms to support use cases like email protection and web server authentication. In this regard it is similar to other systems based on public-key cryptography, for example OpenPGP [RFC 4880]. In the realm of X.509, however, thanks to its roots in a globe-spanning scheme devised by the telecom industry, these mechanisms come with a fair amount of administrative overhead.
One thing to keep in mind is that X.509 is not an application, but a specification upon which applications like Secure Multipurpose Internet Mail Extensions (S/MIME) and Transport Layer Security (TLS) are based. The building blocks are very generic and derive most of their meaning from the relations that exist or are established between them. It’s called an infrastructure for a reason.
Visit: PKI tutorial to learn more about PKI.
In an ever-expanding world of networked mobile devices, security threats and our ignorance of them are more widespread than ever. James Lyne of security firm Sophos believes that if we continue to ignore basic best practices, security is on a trajectory of failure.
US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.
A GCHQ team has been working to develop ways into encrypted traffic on the “big four” service providers, named as Hotmail, Google, Yahoo and Facebook.
This network diagram, from a GCHQ pilot program, shows how the agency proposed a system to identify encrypted traffic from its internet cable-tapping programs and decrypt what it could in near-real time.
The agencies insist that the ability to defeat encryption is vital to their core missions of counter-terrorism and foreign intelligence gathering.
But security experts accused them of attacking the internet itself and the privacy of all users. “Cryptography forms the basis for trust online,” said Bruce Schneier, an encryption specialist and fellow at Harvard’s Berkman Center for Internet and Society. “By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.” Classified briefings between the agencies celebrate their success at “defeating network security and privacy”.
Read more: The Guardian
If I think about it, what does this mean for the possibility that organized crime also has the opportunity to use these techniques? Then our whole eCommerce will crumble. Something to think about.