Entrust Datacard’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the industry.
Entrust Identity ON:
CA Security Council:
HTTPS interception —
- Paper: The Security Impact of HTTPS Interception
- US-Cert Alert (TA17-075A) – HTTPS Interception Weakens TLS Security
- The HTTPS interception dilemma: Pros and cons
- Are you undermining your web security by checking on it with the wrong tools?
- Google and Mozilla are right: AV firms do need to stop breaking HTTPS security
Let’s Encrypt and free certificates —
- A Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
- Free public certificate authorities: Nice idea, big flaw
- When the ‘S’ in HTTPS also stands for shady
- Let’s Encrypt issues certs to “˜PayPal’ phishing sites: how to protect yourself
Google and Symantec —
- Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates
- Symantec Backs Its CA
- There Are No Winners in the Google/Symantec Feud
News & Notes:
- One IP address, multiple SSL sites? Beating the great IPv4 squeeze
- Why Replace SHA-1 with BLAKE2?
- Banking, news and pharmacy websites regarded “not secure” by Chrome and Firefox
- A hard learned lesson in VPNs and secure websites
- Forbes discusses Road To SSL
- PayPal Phishing Certificates Far More Prevalent Than Previously Thought
- Get help with HTTPS Problems
- A new security header: Expect-CT