In the aftermath of the DigiNotar hack, I wrote an article that mentioned we needed a silver bullet to solve the problems with the current state of SSL and certificate authorities. Of course the Internet wouldn’t be the Internet if such a silver bullet didn’t emerge sooner or later. Famous hacker Moxie Marlinspike has announced Convergence, a tool to verify the identity of websites without the need for a Certificate Authority.
In June 2011, DigiNotar, a Dutch provider of SSL certificates, was hacked. The hack was probably carried out by hackers working for the government of the sovereign nation of Iran for the purpose of obtaining forged SSL certificates for a number of high-level domains, such as Google and Yahoo, among others. With those forged certificates, it was possible to snoop on the encrypted communication of Iranian citizens through a classic “man in the middle” attack. While the successful hack is significant in and of itself, it has far-reaching implications for the entire world.