Certificate authorities are at the core of the trust relationship that makes the internet function. They issue the certificates that governments, financial institutions, and companies use to sign their software and websites, providing users with assurance that they are downloading a legitimate program made by Microsoft or entering their account login credentials at a legitimate website operated by Bank of America or Gmail. Attacking such an authority would allow the attackers to issue themselves legitimate certificates in the name of any company and use it to sign malware. It went a step
...more
