August 2012 - Entrust, Inc. 1-8 of 8

SSL News from Black Hat and DEF CON

August 28, 2012 by Bruce Morton
I like to follow up each year with the SSL news from Black Hat USA and DEF CON 20. I was just looking for my 2011 follow-up and found out that I never released it. Unfortunately, I started the write up just before the DigiNotar fiasco and never finished it. So what SSL presentations occurred [Read More...]

Phishing with SSL

August 24, 2012 by Bruce Morton
I read an article from Netcraft about Phishing on sites using SSL certificates. It reminded me that the industry has been working on anti-phishing for many years. In 2005, the SSL industry created the CA/Browser Forum. One of the issues was to create a new SSL certificate that would fight phishing. The result was the [Read More...]

Short-Lived Certificates

August 21, 2012 by Bruce Morton
Certificate revocation is a current SSL industry issue. There are many causes to the problem. Some end-users do not have certificate-revocation checking turned on. Browsers support CRL or OCSP, but in some cases not both. The certification authorities (CA) may not provide reliable revocation responses. And what if there are no revocation responses from a [Read More...]

Certificate Transparency

August 17, 2012 by Bruce Morton
I mentioned in an earlier blog, about certification authority authorization (CAA), that one of the issues of having many public CAs is that any or all can issue SSL certificates for any domain. Certificate Transparency (CT) is another proposed method to resolve this issue. The draft CT specification states the following goals: The goal is [Read More...]

Entrust withdraws from CA/B Forum

August 9, 2012 by Jon Callas
Entrust has a long history with the CA/Browser Forum. We are one of its founding members, and have worked closely with it since its founding. Sadly, we have had to leave the Forum along with nearly 40% of its membership including other companies such as IdenTrust, Network Solutions, RIM, RSA and T-Systems. Even worse, this [Read More...]

Understanding SSL

August 7, 2012 by Bruce Morton
Just thought I would let you know about a podcast called Sophos Techknow – Understanding SSL. Hopefully there won’t be much new for the regular readers of this blog, but the information may be valuable for those new to the SSL industry. I did want to make note of a few things. The podcasters discuss [Read More...]

What is a Certified Document and when should you use it?

August 3, 2012 by Bruce Morton
I found this article on the Adobe Security Matters website, What is a Certified Document and when should you use it? For those who need to certify documents, you may find it interesting. As a quick summary, it states that here are two frequent use cases for Certified Documents: Publishing files and want the recipients [Read More...]

What is a Certified Document and when should you use it?

August 1, 2012 by Bruce Morton
I found this article on the Adobe Security Matters website, What is a Certified Document and when should you use it? For those who need to certify documents, you may find it interesting. As a quick summary, it states that here are two frequent use cases for Certified Documents: Publishing files and want the recipients [Read More...]