Certificate Authority Security Council

Bruce Morton

Today, the leading global certification authorities (CA) launched the Certificate Authority Security Council (CASC). The CASC is made up of publicly trusted CAs that issue SSL certificate to protect more than 95 percent of the global websites.

The purpose of the group is to advance online security by encouraging best practices in the development and deployment of the SSL ecosystem. The CASC will use education, advocacy and research to improve and deploy critical Internet policies.

The CASC is not a standards group, but its members will continue to support development of standards by such organizations as the IETF and the CA/Browser Forum.

The first planned series of education and advocacy efforts will be regarding Online Certificate Status Protocol (OSCP) stapling. The official name is Certificate Status Request, as defined in RFC 6066, section 8. OCSP stapling is a more common name as it describes the OCSP response being stapled at the Web server to be used to provide certificate status through the SSL handshake.

From more information of CASC, please visit CAsecurity.org.

Bruce Morton
Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.

0 Comments

Add to the Conversation