|
While in recent years, HTTPS has become integral part of protecting social, political, and economic activities online, widely reported security incidents—such as DigiNotar’s breach, Apple’s #gotofail, and OpenSSL’s Heartbleed—have exposed systemic security vulnerabilities of HTTPS to a global audience. A report released by ACM Queue warns that “the security of the entire ecosystem suffers if any of the hundreds of CAs [certificate authorities] is compromised (weakest link); browsers are unable to revoke trust in major CAs (“too big to fail”); CAs manage to conceal security incidents (information asymmetry); and ultimately customers and end users bear the liability and damages of security incidents (negative externalities).”
“Understanding the market and value chain for HTTPS is essential to address these systemic vulnerabilities. The market is highly concentrated, with very large price differences among suppliers and limited price competition. Paradoxically, the current vulnerabilities benefit rather than hurt the dominant CAs, because among others, they are too big to fail.”
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byVerisign
Sponsored byCSC
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byDNIB.com