• SSL News from Black Hat and DEF CON

    I like to follow up each year with the SSL news from Black Hat USA and DEF CON 20. I was just looking for my 2011 follow-up and found out that I never released it. Unfortunately, I started the write-up just before the DigiNotar fiasco and never finished it. So what SSL presentations occurred in 2012? Nothing. Well, at

        in Secure Browsing, SSL, SSL Deployment
  • Phishing with SSL

    I read an article from Netcraft about phishing on sites using SSL certificates. It reminded me that the industry has been working on anti-phishing for many years. In 2005, the SSL industry created the CA/Browser Forum. One of the issues was to create a new SSL certificate that would fight phishing. The result was the Extended Validation (EV) SSL certificate.

        in Secure Browsing, SSL
  • Short-Lived Certificates

    Certificate revocation is a current SSL industry issue. There are many causes of the problem. Some end-users do not have certificate-revocation checking turned on. Browsers support CRL or OCSP, but in some cases not both. The certification authorities (CAs) may not provide reliable revocation responses. And what if there are no revocation responses from a CA; should there be a

        in Secure Browsing, SSL, Technical
  • Certificate Transparency

    I mentioned in an earlier blog, about certification authority authorization (CAA), that one of the issues of having many public CAs is that any or all can issue SSL certificates for any domain. Certificate Transparency (CT) is another proposed method to resolve this issue. The draft CT specification states the following goals: The goal is to make it impossible (or

        in Secure Browsing, SSL, SSL Deployment