Tag Archives: CA/Browser Forum

CAs Being Audited to Baseline Requirements

August 1, 2013 by Bruce Morton

Certification authorities (CAs) have always been compliance-minded and have historically imposed third-party audits upon themselves. The CAs disclose their requirements through a certificate policy (CP) document or certification practice statement (CPS). In these documents they state that they will be audited by a third party to meet these requirements. Historically, the CAs had to choose [Read More...]

Filed Under: EV SSL, SSL Tagged With: CA/Browser Forum, WebTrust

CAs Support Standards and Regulations

May 20, 2013 by Bruce Morton

There is an industry myth that certification authorities (CAs) are not regulated. In fact, publicly trusted SSL CAs support the development of industry regulations and have been audited annually to ensure compliance with the many requirements.

All SSL and Digital Certificates Are the Same, Right? Wrong

May 21, 2012 by Dave Rockvam

If all digital certificates are the same, why choose anything but the basic certificate? Because not all certificates are the same. Currently, there are three classes of digital certificates as recognized by the CA/Browser Forum: Domain Validated (DV), Organization Validated (OV) and Extended Validated (EV). There is a common misconception that the only difference in [Read More...]

Filed Under: EV SSL, SSL Tagged With: Computer security, dv, EV

If You Don’t Like Your CA’s Practices, Find One More Sympatico

April 24, 2012 by Jon Callas

The following Mozilla bug came my way via the Cryptography mailing list. The gist of it is that a Norton (né VeriSign) customer asked for a two-year certificate, and got one with six-year validity. I don’t precisely understand why the customer is complaining to Mozilla, but they didn’t get satisfaction with Norton, who [Read More...]

Security Focus: It’s What’s Behind the Seal That Matters

April 24, 2012 by Dave Rockvam

In my last post, I briefly discussed a survey Entrust commissioned to understand the effect trust seals have on online transaction behavior. Coincidentally, I discovered an article in IEEE Security & Privacy magazine about a similar survey the magazine conducted. Security-related items were one of eight different factors the survey identified that affected the participants’ [Read More...]

Dutch Government: PKI alternatives, replacements not on horizon

March 29, 2012 by Dave Rockvam

In July 2011, Dutch certification authority (CA) DigiNotar experienced a security incident that affected the national security infrastructure of both governmental and non-governmental bodies in the Netherlands. The government commissioned a report looking into the incident and the broader CA/SSL market. One of the conclusions of the Dutch government’s report is that alternatives to PKI [Read More...]