{"id":8765,"date":"2012-12-14T15:51:34","date_gmt":"2012-12-14T21:51:34","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=8765"},"modified":"2012-12-14T15:51:34","modified_gmt":"2012-12-14T21:51:34","slug":"the-icsi-certificate-notary","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=8765","title":{"rendered":"The ICSI Certificate Notary"},"content":{"rendered":"<blockquote><p>Much of the Internet\u2019s end-to-end security relies on the SSL protocol, along with its underlying X.509 certificate infrastructure. However, the system remains quite brittle due to its liberal delegation of signing authority: a single compromised certification authority undermines trust globally. The <strong>ICSI Notary<\/strong> helps clients to identify malicious certificates by providing a third-party perspective on what they should expect to receive from a server. While similar in spirit to existing efforts, such as <a href=\"http:\/\/www.convergence.io\">Convergence<\/a> and the EFF\u2019s <a href=\"https:\/\/www.eff.org\/observatory\">SSL observatory<\/a>, our notary collects certificates <em>passively from live upstream traffic<\/em> at multiple independent Internet sites, aggregating them into a central database in near-realtime.<\/p><\/blockquote>\n<p>via <a href=\"http:\/\/notary.icsi.berkeley.edu\/\">The ICSI Certificate Notary<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Much of the Internet\u2019s end-to-end security relies on the SSL protocol, along with its underlying X.509 certificate infrastructure. However, the system remains quite brittle due to its liberal delegation of signing authority: a single compromised certification authority undermines trust globally. &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=8765\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110],"tags":[730,420,107,101],"class_list":["post-8765","post","type-post","status-publish","format-standard","hentry","category-networking","tag-berkeley","tag-certificates","tag-reference","tag-security"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/8765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8765"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/8765\/revisions"}],"predecessor-version":[{"id":8766,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/8765\/revisions\/8766"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8765"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}