Certificate Reputation

March 10, 2014 by Bruce Morton

One of the advantages of the SSL industry is that certificates can be issued from most trusted certification authorities (CAs). This allows certificate customers flexibility in choosing their CA or deciding to use a number of CAs. The disadvantage is the end-user does not know if the CA was authorized to issue the certificate and

2014 – Looking Back, Moving Forward

March 3, 2014 by Bruce Morton

Looking Back at 2013: Protocol Attacks. The year started with a couple of SSL/TLS protocol attacks: Lucky Thirteen and the RC4 attack. Lucky Thirteen allows the decryption of sensitive information, such as passwords and cookies, when using a CBC-mode cipher suite. Lucky Thirteen can be mitigated by implementing software patches or preferring the RC4 cipher suite.

SSL – Privacy, Integrity, Authenticity

November 29, 2012 by Bruce Morton

I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.

Certificate Transparency

August 17, 2012 by Bruce Morton

I mentioned in an earlier blog, about certification authority authorization (CAA), that one of the issues of having many public CAs is that any or all can issue SSL certificates for any domain. Certificate Transparency (CT) is another proposed method to resolve this issue. The draft CT specification states the following goals: The goal is

Certification Authority Authorization

July 11, 2012 by Bruce Morton

One of the issues of having many public CAs is that any or all can issue SSL certificates for any domain. This would be upsetting to a subscriber that has reviewed the SSL industry and has chosen a CA that they can trust and work with. Another CA can issue a certificate for their domain

Fraudulent SSL Certificates

March 25, 2011 by Bruce Morton

US-CERT, Microsoft, Mozilla, Google, Comodo and many bloggers have recently reported the issuance of fraudulent SSL certificates for the following domains: mail.google.com, www.google.com, login.live.com, addons.mozilla.org, login.skype.com, login.yahoo.com and global trustee. The certificates were issued by Comodo after one of their Registration Authority (RA) accounts was compromised. The mis-issuance was detected promptly, the certificates were revoked and

