Category Archives: EV SSL

Always-On SSL

February 6, 2014 by Bruce Morton     2 Comments

Always-On SSL is an approach to securing your website to mitigate attacks against your users. When I think of Always-On SSL, I think of three concepts: SSL across your entire site, SSL deployed according to best practices, and SSL with leading technology. SSL across Your Entire Site: The approach to Always-On SSL is to avoid [Read More...]

Filed Under: EV SSL, SSL, SSL Deployment Tagged With: EV SSL, HSTS, OCSP stapling

CAs Being Audited to Baseline Requirements

August 1, 2013 by Bruce Morton     No Comments

Certification authorities (CA) have always been compliance-minded and have historically imposed third-party audits upon themselves. The CAs disclose their requirements through a certificate policy (CP) document or certification practice statement (CPS). In these documents they state that they will be audited by a third party to meet these requirements. Historically, the CAs had to choose [Read More...]

Filed Under: EV SSL, SSL Tagged With: CA/Browser Forum, WebTrust

Understanding SSL

August 7, 2012 by Bruce Morton     No Comments

Just thought I would let you know about a podcast called Sophos Techknow – Understanding SSL. Hopefully there won’t be much new for the regular readers of this blog, but the information may be valuable for those new to the SSL industry. I did want to make note of a few things. The podcasters discuss [Read More...]

All SSL and Digital Certificates Are the Same, Right? Wrong

May 21, 2012 by Dave Rockvam     No Comments

If all digital certificates are the same, why choose anything but the basic certificate? Because all certificates are not the same. Currently, there are three classes of digital certificates as recognized by the CA/Browser Forum: Domain Validated (DV), Organization Validated (OV) and Extended Validated (EV). There is a common misconception that the only difference in [Read More...]

Filed Under: EV SSL, SSL Tagged With: Computer security, dv, EV

If You Don’t Like Your CA’s Practices, Find One More Sympatico

April 24, 2012 by Jon Callas     No Comments

The following Mozilla bug came my way via the Cryptography mailing list. The gist of it is that a Norton (né VeriSign) customer asked for a two-year certificate, and got one with six-year validity. I don’t precisely understand why the customer is complaining to Mozilla, but they didn’t get satisfaction with Norton, who [Read More...]

Disappointment Over Speeding up SSL

April 23, 2012 by Jon Callas     No Comments

A year and a half ago, Google started an experiment to speed up SSL by 30% by using an improvement called False Start. Our own Bruce Morton wrote about it not once but twice, and most of the world has been hopeful about the experiment. What’s not to like about a 30% speed improvement? Sadly, [Read More...]

Survey: Site Seals vs Reliable Security – Which is Most Important?

April 10, 2012 by Dave Rockvam     No Comments

There is a lot of hype right now about a major player in the SSL security space “rebranding” itself as the go-to SSL provider. But hype and big brand names alone shouldn’t influence security buying decisions. While this sounds logical, too many companies and organizations pay a premium for an over-marketed SSL trust seal. Entrust [Read More...]

RSA Key Generation Flaw Does Not Affect Entrust Certificates

February 16, 2012 by Jon Callas     1 Comment

The New York Times published an article by John Markoff a couple days ago, “Flaw Found in an Online Encryption Method.” Sadly, the article is behind the Times paywall. Irritatingly, it’s a very good article except for the headline, which is wrong. The flaw isn’t found in the encryption, but in some key generation. A [Read More...]

Filed Under: EV SSL, SSL, SSL Deployment Tagged With: Ben Laurie, crypto, cryptography

EV SSL Market Growing … Where It Counts

May 2, 2011 by Bruce Morton     No Comments

Netcraft recently released a report showing the growth of Extended Validation (EV) SSL certificate market share over the last four years. EV SSL certificates account for only 2.3 percent of all third party-issued certificates according to the Netcraft SSL survey. Organization Validated (OV) and Domain Validated (DV) SSL certificates took up the share of the [Read More...]

Filed Under: EV SSL, Secure Browsing, SSL, SSL Deployment Tagged With: Netcraft

Beware of Japan Aid Scams

March 17, 2011 by Bruce Morton     No Comments

Security advisors such as the United States Computer Readiness Team (US-CERT) and the SANS Institute are warning people to watch out for online scams related to the Japanese earthquake and tsunami relief effort. US-CERT encourages users to take the following measures to protect themselves: Do not follow unsolicited web links or attachments in email messages [Read More...]