Jon Callas

About

Jon Callas has over 30 years of experience and served as Entrust’s Chief Technology Officer. Prior to joining Entrust, Callas co-founded PGP Corporation which specialized in email and data encryption software. Over the course of more than fifteen years, Callas held leadership functions including CTO and CSO. Most recently, he also served as an operating system security expert with Apple. Additionally, he has held leadership positions with corporations including Wave Systems Corporation, Digital Equipment Corporation and Counterpane Internet Security Inc. He has also authored several Internet Engineering Task Force (IETF) standards including OpenPGP, DKIM, and ZRTP.

Blog Posts 1-10 of 23

Entrust withdraws from CA/B Forum

August 9, 2012 by Jon Callas     No Comments

Entrust has a long history with the CA/Browser Forum. We are one of its founding members, and have worked closely with it since its founding. Sadly, we have had to leave the Forum along with nearly 40% of its membership including other companies such as IdenTrust, Network Solutions, RIM, RSA and T-Systems. Even worse, this [Read More...]

US Court Decision is Good News for Banking Customers

July 17, 2012 by Jon Callas     No Comments

Blogmaster Note: This was originally posted on July 17, 2012 to ComputerWorld UK’s Security Spotlight Blog.

US ruling has implications for UK over bank’s liability

Thefts from a construction company in Sanford, Maine might be the catalyst for much-needed improvements to banking security. The US First Circuit Court of Appeals reversed a decision that said [Read More...]

Alan Turing Notes on Cryptography Released

July 12, 2012 by Jon Callas     No Comments

Are there any insights left to be wrung from the code breaker’s papers?

Chris Vallance of the BBC reports that GCHQ has released some of Alan Turing’s papers on the theory of code breaking. They’re not on display at the National Archives at Kew. I’ve checked the web pages of the Archives and GCHQ, and there is as of my writing nothing up there, yet.

The two papers are titled “The Applications of Probability to Crypt” and “Paper on the Statistics of Repetitions.” They discuss the use of mathematics in cryptanalysis. This might seem a bit obvious now, but at the time cryptanalysis was largely done by smart people and not by machines. A code-breaker was more likely someone who was good at solving complex crossword puzzles than working with numbers. It was unusual to bring in someone like Turing to a cryptology lab.

There Weren’t Really Chinese Backdoors in Military Chips

July 12, 2012 by Jon Callas     No Comments

Blogmaster Note: This was originally posted on July 12, 2012 to ComputerWorld UK’s Security Spotlight Blog.

What happened and unsolicited advice

In March, Cambridge researcher Sergei Skorobogatov and Quo Vadis Labs researcher Christopher Woods put up a draft paper on a cool new technique they used to ‘disable all the security’ on a security-enabled chip. It sat [Read More...]

If You Don’t Like Your CA’s Practices, Find One More Sympatico

April 24, 2012 by Jon Callas     No Comments

The following Mozilla bug came my way via the Cryptography mailing list. The gist of it is that a Norton (né VeriSign) customer asked for a certificate with two-year validity, and got one with six-year validity. I don’t precisely understand why the customer is complaining to Mozilla, but they didn’t get satisfaction with Norton, who [Read More...]

Disappointment Over Speeding up SSL

April 23, 2012 by Jon Callas     No Comments

A year and a half ago, Google started an experiment to speed up SSL by 30% by using an improvement called False Start. Our own Bruce Morton wrote about it not once but twice, and most of the world has been hopeful about the experiment. What’s not to like about a 30% speed improvement? Sadly, [Read More...]

APWG Counter eCrime Operations Summit

April 23, 2012 by Jon Callas     No Comments

The APWG started as the Anti-Phishing Working Group in 2003. In the past nine years, it has grown and expanded to be an association of technical organizations, financial organizations, treaty organizations, and others to fight eCrime and identity theft. It provides coordination and assistance for just about anyone who needs it. I have worked with [Read More...]

Security Hardening iPhones and iPads

April 12, 2012 by Jon Callas     No Comments

Blogmaster Note: This was originally posted on April 12, 2012 to ComputerWorld UK’s Security Spotlight Blog.

BYOD, or “Bring Your Own Device” is one of the IT trends that I’m sure you know about, if not by that name. Driven by the users themselves, who go out and get cool new kit — iOS, Android, their [Read More...]

Sophos Breach Tied to Partner Portal

April 6, 2012 by Jon Callas     2 Comments

Security Week reports in “Sophos Kills Partner Portal After Suffering Breach” that the security firm Sophos has disabled its partner portal after discovering a breach. They aren’t saying much yet — kudos to them for their disclosure and response — but they think that the breach came from an older part of their portal, and [Read More...]

Google Rethinks Revocation

March 7, 2012 by Jon Callas     No Comments

Google has decided in Chrome that they’re going to take a different approach to certificate revocation. Chrome developer Adam Langley describes the decision in detail in his blog, Imperial Violet. Unlike a number of CAs, we think this is a pretty good idea, even if incompletely executed so far. Revocation is a difficult task. It [Read More...]