Tag Archives: CA/Browser ForumCA/Browser Forum

Mozilla Endorses SSL Baseline Requirements

February 27, 2013 by Bruce Morton     2 Comments

The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA) certificate policy.

SSL Certificates without Non-FQDNs

February 21, 2013 by Bruce Morton     1 Comment

The CA/Browser Forum decided to mitigate the risk by deprecating the issuance of certificates with non-FQDNs.

Certificate Authority Security Council

February 14, 2013 by Bruce Morton     No Comments

Today, the leading global certification authorities (CA) launched the Certificate Authority Security Council (CASC). The CASC is made up of publicly trusted CAs that issue SSL certificate to protect more than 95 percent of the global websites.

SSL – Privacy, Integrity, Authenticity

November 29, 2012 by Bruce Morton     No Comments

I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.

SSL News from Black Hat and DEF CON

August 28, 2012 by Bruce Morton     No Comments

I like to follow up each year with the SSL news from Black Hat USA and DEF CON 20. I was just looking for my 2011 follow-up and found out that I never released it. Unfortunately, I started the write up just before the DigiNotar fiasco and never finished it. So what SSL presentations occurred [Read More...]

Phishing with SSL

August 24, 2012 by Bruce Morton     No Comments

I read an article from Netcraft about Phishing on sites using SSL certificates. It reminded me that the industry has been working on anti-phishing for many years. In 2005, the SSL industry created the CA/Browser Forum. One of the issues was to create a new SSL certificate that would fight phishing. The result was the [Read More...]

Understanding SSL

August 7, 2012 by Bruce Morton     No Comments

Just thought I would let you know about a podcast called Sophos Techknow – Understanding SSL. Hopefully there won’t be much new for the regular readers of this blog, but the information may be valuable for those new to the SSL industry. I did want to make note of a few things. The podcasters discuss [Read More...]

Certification Authority Authorization

July 11, 2012 by Bruce Morton     No Comments

One of the issues of having many public CAs is that any or all can issue SSL certificates for any domain. This would be upsetting to a subscriber that has reviewed the SSL industry and has chosen a CA that they can trust and work with. Another CA can issue a certificate for their domain [Read More...]