Firefox to Block Mixed Content
Website owners who have mixed-content pages will surely be impacted and should make changes. Along with Firefox, Internet Explorer, Chrome and Opera already block mixed content. This means the users of the site will get trust warnings or the browser’s security indication (i.e., lock icon) may not be present.
Mozilla Endorses SSL Baseline Requirements
The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA) certificate policy.
SSL News from Black Hat and DEF CON
I like to follow up each year with the SSL news from Black Hat USA and DEF CON 20. I was just looking for my 2011 follow-up and found out that I never released it. Unfortunately, I started the write up just before the DigiNotar fiasco and never finished it. So what SSL presentations occurred [Read More...]
If You Don’t Like Your CA’s Practices, Find One More Sympatico
The following Mozilla bug came my way via the Cryptography mailing list. The gist of it is that a Norton (né VeriSign) customer asked for a certificate with two-year certificate, and got one with six-year validity. I don’t precisely understand why the customer is complaining to Mozilla, but they didn’t get satisfaction with Norton, who [Read More...]
Key Size Update
Last summer I posted a blog about the move 2048-bit RSA keys in SSL certificates. While I was drafting my post, NIST was working on a new Special Publication. This document, just released as NIST SP 800-131A, allows a transition period to from 1024-bit to 2048-bit RSA keys. In the period of 1 January 2011 [Read More...]
What’s the deal with 2048-bit keys?
Entrust has been getting a lot of questions about the move to 2048-bit RSA keys. The move is causing some web administrators concern, so we thought it would be a good time to clarify the reasoning behind the move to 2048-bit keys. The US National Institute of Standards and Technology (NIST) prepared a special report [Read More...]