Hai appena visto questo suggerimento su Slashdot
So I've seen quite a few people wanting a switch to self-signed certs (who IMO mostly don't understand what making that secure actually involves), and an idea to check certs from different network paths (which doesn't work if your only path is compromised, and how do you secure the communication to the service that does the check for you?).
So here's an alternative idea: Require multiple CAs.
Instead of doing it the "extended validation" way which is more money for not a whole lot more service from the same provider, it'd be much better to have multiple CA signatures on a single cert.
Compromising multiple CAs in the same timeframe to create a cert would be considerably harder than creating one. More importantly, it'd make revoking large CAs much easier.
Let's say that the new norm is to have a site's cert is signed by 5 different CAs, and that the minimum acceptable amount is 3 signatures.
Then, if Verisign gets compromised there's no problem with pulling their cert: you're down to 4 valid signatures on your certificate, which is still fine. That should put considerably more pressure on CAs to perform better.
Even Verisign wouldn't be able to trust that their security problems would be let go due to their popularity, as even the largest CAs would be completely expendable without the end users needing to care much. The site would just go with a different 5th CA to return back to the full strength.
Sembra che funzioni (anche se otterresti una valutazione di sicurezza invece che convalida / non convalida il certificato binario). Che dire della redditività? Potrebbe essere fatto all'interno degli standard esistenti? Non riesco a capire se si dovrebbe rilasciare lo stesso CSR a più CA, quindi fornire un intero gruppo di certificati al browser ... di se si dovesse semplicemente firmare un certificato in sequenza da più CA.