For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

I trust Certificate Authorities, but I have no idea why

I’ve seen statistics that claim between 40% and 60% of all sites on the Internet use encryption to protect their web application traffic. Regardless of the true number (which changes on a daily basi...

Published Jul 01, 2015

Version 1.0

Ret. Employee

Joined May 15, 2019

Ret. Employee

Joined May 15, 2019

colbeseder_1156

Icon for Nimbostratus rank

Nimbostratus

Sep 06, 2016

Really good article.

"If anyone hacked a trusted CA, they could fake a certificate for any website using that CA".

Actually, if you hack into a CA and assign yourself arbitrary certificates, you can compromise any website you want.

HPKP goes some way towards mitigating this.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)