What can be done?
If there is a way that we can separate who we trust from the vendor of the browsers then that would be the best thing to do. And the root of the trust should be the Internet with its built-in reputation ecosystem. All the CAs will have reputations built in because that's how the Internet runs, and then you have a better trust model that way. Rather than build it into the browser itself, that's what I'm saying. And I'm not saying I know how to implement this, but it's a better model.
If that were to happen and people have noticed that a particular CA is issuing bad certs the reputation will kick it out immediately. Nobody will have to issue patches, we don't have to wait for somebody to send something over for us to update. It will just be done in the ecosystem.
How would that work?
We have to build a mechanism to automatically update things. We did not do that. The right way to design, if we were to update things, is an updating protocol that automatically updates itself, so when the next version comes up it knows where to find the next version rather than having to wait for a Windows update or whatever. I think there is technology that is known to the world to do that. And I hope people look for these things because honestly, every protocol will have roles for self-updating things. Nothing will remain secure forever. It's a bad idea actually to shoot for something that will be secure forever because we won't find any.
Do you see a way automatic updating could take place with SSL/TLS?
I think it's not just TLS, I think it's the self-updating thing in general. It's a good idea, right?
Are you working on that?
Am I working on that? No. It's something that exists but I'm not actually working on it.
What do you know about what's being worked on?
The beauty of living in Silicon Valley is that you talk to people every day, and people tell you interesting ideas. I'm not sure I'm allowed to say. People have approached me with some ideas of that type.