• SSL is about assurance

    Troy Hunt, in his article “SSL is not about encryption,” says that SSL is about assurance and “establishing a degree of trust in a site’s legitimacy.” I have mixed feelings about the title, but agree with the points that Hunt makes. Here are some highlights: Users assume that high-profile sites (e.g., Facebook, Twitter, Dropbox) provide assurance even though they do

        in Secure Browsing, SSL Deployment
    0
  • Key Size Update

    Last summer I posted a blog about the move 2048-bit RSA keys in SSL certificates. While I was drafting my post, NIST was working on a new Special Publication. This document, just released as NIST SP 800-131A, allows a transition period to from 1024-bit to 2048-bit RSA keys. In the period of 1 January 2011 through 31 December 2013, 1024-bit

        in Secure Browsing, SSL Deployment
    0
  • Increasingly Inconsistent Browser Security User Interfaces

    I recently posted about Mozilla’s plan to remove the padlock icon from the Firefox user interface. Here is a complementary post from Steve Schultze of Princeton’s Center for Information Technology Policy, Web Browser Security User Interfaces: Hard to Get Right and Increasingly Inconsistent. Schultze discusses how the mainstream desktop browsers are becoming less and less consistent. In addition, the wide spread

        in Secure Browsing
    0
Page 1 of 212