Should You Use SHA-2?
A common question we receive from certificate customers: should we ask Entrust to sign our certificate with a signature using the SHA-2 hashing algorithm?
HTTP Strict Transport Security (HSTS) will soon be finalized and available in an IETF standard. The request for comment (RFC) is at version 11 and the IESG has put out a last call for comments. HSTS is a security policy mechanism where a Web server tells a supporting browser that it can only connect to [Read More...]
Google Rethinks Revocation
Google has decided in Chrome that they’re going to take a different approach to certificate revocation. Chrome developer Adam Langley describes the decision in detail in his blog, Imperial Violet. Unlike a number of CAs, we think this is a pretty good idea, even if incompletely executed so far. Revocation is a difficult task. It [Read More...]
Don’t fear the BEAST
A few weeks ago, Juliano Rizzo and Thai Duong published a paper on an SSL attack that they call BEAST, which decrypts parts of an SSL connection. Before I discuss it at length, let me cut to the chase on it. Q: Is this something that you need to worry about? A: No. Here’s a [Read More...]
Why Your Browser Matters
Over the past couple of weeks, the Online Trust Alliance (OTA) and Microsoft have launched campaigns promoting the use of modern browsers. OTA’s campaign, “Why Your Browser Matters,” provides tools and resources to help website operators provide user education on the value of keeping browsers current. What appears to be complementary to the OTA campaign [Read More...]
SSL Session Resume
Yngve Pettersen of Opera has written a great article on SSL Session Resume. The SSL session resumption feature in the SSL/TLS protocol allows multiple connections to use the same negotiated secret key data to calculate encryption keys for the connection. This allows a secure connection to be re-established very quickly with no loss of security, [Read More...]
Online SSL Tools
So you’ve gone to the trouble of buying and installing an SSL certificate. How do know you installed it properly? Some would just test the site by trying it with their browser. The problem is that Internet Explorer and Firefox validate the certificate path differently. Firefox will install an intermediate certificate while IE doesn’t. IE [Read More...]