January 2011 - Entrust, Inc. 1-4 of 4

SSL is about assurance

January 30, 2011 by Bruce Morton
Troy Hunt, in his article “SSL is not about encryption,” says that SSL is about assurance and “establishing a degree of trust in a site’s legitimacy.” I have mixed feelings about the title, but agree with the points that Hunt makes. Here are some highlights: Users assume that high-profile sites (e.g., Facebook, Twitter, Dropbox) provide [Read More...]

Key Size Update

January 24, 2011 by Bruce Morton
Last summer I posted a blog about the move 2048-bit RSA keys in SSL certificates. While I was drafting my post, NIST was working on a new Special Publication. This document, just released as NIST SP 800-131A, allows a transition period to from 1024-bit to 2048-bit RSA keys. In the period of 1 January 2011 [Read More...]

Increasingly Inconsistent Browser Security User Interfaces

January 20, 2011 by Bruce Morton
I recently posted about Mozilla’s plan to remove the padlock icon from the Firefox user interface. Here is a complementary post from Steve Schultze of Princeton’s Center for Information Technology Policy, Web Browser Security User Interfaces: Hard to Get Right and Increasingly Inconsistent. Schultze discusses how the mainstream desktop browsers are becoming less and less consistent. [Read More...]

Mozilla to remove iconic Lock Icon

January 4, 2011 by Bruce Morton
Although not released yet, the latest betas of Firefox 4.0 indicate that Mozilla has removed the https lock icon from the browser. Different forms of the lock icon have been used since the earliest commercial releases of Netscape and Internet Explorer browsers. The lock icon is currently used in all major desktop browsers:  IE, Firefox, [Read More...]