• SSL is about assurance

    Troy Hunt, in his article “SSL is not about encryption,” says that SSL is about assurance and “establishing a degree of trust in a site’s legitimacy.” I have mixed feelings about the title, but agree with the points that Hunt makes. Here are some highlights: Users assume that high-profile sites (e.g., Facebook, Twitter, Dropbox) provide assurance even though they do

        in Secure Browsing, SSL Deployment
    0
  • Key Size Update

    Last summer I posted a blog about the move 2048-bit RSA keys in SSL certificates. While I was drafting my post, NIST was working on a new Special Publication. This document, just released as NIST SP 800-131A, allows a transition period to from 1024-bit to 2048-bit RSA keys. In the period of 1 January 2011 through 31 December 2013, 1024-bit

        in Secure Browsing, SSL Deployment
    0
  • Increasingly Inconsistent Browser Security User Interfaces

    I recently posted about Mozilla’s plan to remove the padlock icon from the Firefox user interface. Here is a complementary post from Steve Schultze of Princeton’s Center for Information Technology Policy, Web Browser Security User Interfaces: Hard to Get Right and Increasingly Inconsistent. Schultze discusses how the mainstream desktop browsers are becoming less and less consistent. In addition, the wide spread

        in Secure Browsing
    0
  • Mozilla to remove iconic Lock Icon

    Although not released yet, the latest betas of Firefox 4.0 indicate that Mozilla has removed the https lock icon from the browser. Different forms of the lock icon have been used since the earliest commercial releases of Netscape and Internet Explorer browsers. The lock icon is currently used in all major desktop browsers:  IE, Firefox, Chrome, Safari, and Opera. It

        in Secure Browsing
    0
  • Increasingly Inconsistent Browser Security User Interfaces

    I recently posted about Mozilla’s plan to remove the padlock icon from the Firefox user interface. Here is a complementary post from Steve Schultze of Princeton’s Center for Information Technology Policy, Web Browser Security User Interfaces: Hard to Get Right and Increasingly Inconsistent. Schultze discusses how the mainstream desktop browsers are becoming less and less consistent. In addition, the wide spread

        in Secure Browsing
    0
  • Mozilla to remove iconic Lock Icon

    Although not released yet, the latest betas of Firefox 4.0 indicate that Mozilla has removed the https lock icon from the browser. Different forms of the lock icon have been used since the earliest commercial releases of Netscape and Internet Explorer browsers. The lock icon is currently used in all major desktop browsers:  IE, Firefox, Chrome, Safari, and Opera. It

        in Secure Browsing
    0