When we are working in internet, we are aware of that there some possibility where someone can steal our data even without our knowledge. To improve the security and to make the data unreadable we find the encryption and decryption algorithms. To make the web more secure, we use the SSL/TLS Protocols.
This protocols secures our data from the attackers and based on certificates. Mostly the attacker targets the client rather than server by using fake server certificates. This certificates are generally controlled by the Certificate Authority(CA).
Early only few CA (like Verisign, Equifax, and Thawte) are have the control over the SSL Certificates. But today, it grows to many number and usage of SSL certificates are also increased rapidly.
By default, the web browsers support many CA. For example, Firefox supports nearly 60 CA’s and IE supports more than 100 CA’s.
We think, that the security lies in the private key and certificates that we have in our server. But its not the true, the real security lies in the CA level.
When CA’s started to support the attackers, everything should be compromised. But we don’t have the control over the CA and we are not able to find this type of compromises also..
For Example, Cybertrust (a division of Verizon) issued SSL CA certificate to Etisalat on the 19th of December, 2005. Etisalat (CA) issues Certificates to the users and the company has the potential ability to fake a secure connection to any site Etisalat subscribers might visit using a man-in-the-middle scheme.
Now Ethisalat is supported in many browsers by default and there are some possibility that the entire web security is compromised.