CA/Browser Forum Updates Requirements for Code Signing Certificate Pri...
The CA/Browser Forum has approved Ballot CSC-13, which aims to increase the protection of code signing certificate private keys. The…
Timestamp Requests and SHA-1 Deprecation
Entrust hosts a time-stamp authority (TSA) to support our customers who digitally sign data such as code and documents. When…
SSL Review: March 2022
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from the industry. PKI Consortium PKI…
SSL Review: February 2022
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from the industry. Entrust Apple Changes…
SSL Review: January 2022
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. Entrust 2022 –…
SSL Review: December 2021
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends, and opinions from the industry. Entrust New Requirement…
Apple Changes S/MIME Certificate Validity Period to 1185-Days
In November 2021, we posted that Apple set the validity period of S/MIME certificates to 825 days. On February 1,…
2022 – Looking Back, Moving Forward with TLS
Looking back at 2021 In 2021, HTTPS was everywhere and use of the TLS 1.3 protocol continued to grow. With…
New Requirement Will Deprecate the Organization Unit (OU) Field in TLS...
In June 2021, the CA/Browser Forum passed ballot SC47 to remove the organization unit (OU) field from all public trust…
SSL Review: November 2021
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Discussing Wildcard…
Apple Reduces S/MIME Certificate Validity Period to 825-Days
At the October 2021 CA/Browser virtual face-to-face conference, Apple advised of updates to their root certificate program. The updates included…
Wildcard and multi-domain TLS certificates and ALPACA attack
Marcus Brinkmann presented the Application Layer Protocol Confusion-Analyzing and Mitigating Cracks in TLS Authentication (ALPACA) attack at Black Hat USA…
SSL Review: October 2021
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. F5 Market Screener…
SSL Review: September 2021
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Let’s Encrypt Root…
SSL Review: August 2021
The Entrust monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. PKI Consortium Increasing…
SSL Review: July 2021
The Entrust monthly SSL review covers TLS/SSL discussions – recaps, news, trends, and opinions from the industry. Entrust Gmail support…
SSL Review: June 2021
The Entrust monthly SSL review covers TLS/SSL discussions – recaps news, trends, and opinions from the industry. CA/Browser Forum Ballot…
SSL Review May 2021
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. Entrust Learn what…
SSL Review: April 2021
The Entrust monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. CA/Browser Forum Domain…
SSL Review: March 2021
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Cloudflare announces Heartbleed Revisited…
SSL Review: February 2021
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Certificate Transparency Google announces…
SSL Review: January 2021
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Looking Back at…
Code Signing Baseline Requirements Oblige Larger Keys for Crypto Effic...
Signing certificates are used to validate a signature on code or a document. As we look ahead to the future…
SSL Review: December 2020
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Kazakhstan MITM Certificate Mozilla…
Looking Back at 2020
2020 felt more like a maintenance year in the SSL/TLS ecosystem. Other than the certificate validity period changing from 825-days…
SSL Review: November 2020
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust How the Changes…
SSL Review: October 2020
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Chrome Root Program and…
SSL Review: September 2020
Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust TLS Protocol 1.2…
TLS Protocol 1.2 Vulnerable to Raccoon Attack
Recently, a team of researchers discovered a vulnerability with all versions of the SSL and TLS 1.2 and prior protocols…
SSL Review: August 2020
Entrust’s monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. 398-Day Certificate Validity Apple…
SSL Review: July 2020
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Why Google’s…
SSL Review: June 2020
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard Frost…
SSL Review: April and May 2020
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions – recaps news, trends, and opinions from the industry. Entrust Datacard Best…
SSL Review: March 2020
Entrust Datacard’s monthly SSL review covers TLS/SSL discussions – recaps news, trends and opinions from the industry. Apple on 398-day…
SSL Review: February 2020
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions – recaps news, trends and opinions from the industry. Entrust Datacard Apple…
Apple Announces 398-day Maximum Certificate Lifetime
At the 49th meeting of the CA/Browser Forum held in February 2020, Apple announced that they are changing their root…
SSL Review: January 2020
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. CA Security Council…
SSL Review: December 2019
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard The…
SSL Review: November 2019
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard Chrome…
Chrome Kills Mixed Content for HTTPS
In a phased approach, Chrome plans to block mixed content on secure websites to improve user security. Most browsers already block…
SSL Review: October 2019
CASC Paul Walsh provides a great blog about The Insecure Elephant in the Room and browser based UI Patrick Nohe hashes out Online…
SSL Review: September 2019
October 2019 by
Bruce Morton
Entrust Datacard The Value of EV Certificates Remains Regardless of Changes to the EV Indicator in Major Browsers Shortening Validity…
SSL Review: August 2019
September 2019 by
Bruce Morton
CASC … 9 Common Myths About CAs Shortening Validity Period of SSL/TLS Certificates … Web body mulls halving HTTPS cert…
SSL Review: July 2019
August 2019 by
Bruce Morton
CASC The Advantages of Short-Lived SSL Certificates for the Enterprise Bulletproof TLS Newsletter #55 Kazakhstan intercepts TLS traffic Hashedout provides input…
SSL Review: June 2019
July 2019 by
Bruce Morton
CASC What the Latest Firefox Update Means for SSL Certificates What Are Subordinate CAs and Why Would You Want Your…
SSL Review: May 2019
June 2019 by
Bruce Morton
The Entrust Datacard monthly SSL review covers SSL/TLS discussions with a recap of news, trends and opinions from the industry….
SSL vs. TLS
Several years ago, I wrote “Is it SSL, TLS or HTTPS?” This was a simple blog to talk about the…
SSL Review: April 2019
May 2019 by
Bruce Morton
The Entrust Datacard monthly SSL review covers SSL/TLS discussions with a recap of news, trends and opinions from the industry….
SSL Review: March 2019
The Entrust Datacard monthly SSL review covers SSL/TLS discussions with a recap of news, trends and opinions from the industry….
SSL Review: February 2019
March 2019 by
Bruce Morton
Entrust Datacard provides information on TLS 1.3 and phone domain name validation methods: TLS 1.3, Less is More Phone Domain Name…
What’s the Difference Between a Public and Private Trust Certificate...
Public and private trust certificates are types of SSL/TLS certificates that are formatted to suit different use cases. Entrust Datacard…
IP Address Validation Used for Issuing SSL/TLS Certificates
March 2019 by
Bruce Morton
The CA/Browser Forum continues to update the validation methods used for issuing SSL/TLS certificates to improve security. The latest, Ballot 7,…
Phone Domain Name Validation for SSL Certificates
February 2019 by
Bruce Morton
The CA/Browser Forum continues to improve domain name validation for SSL/TLS certificates. Following new methods to verify domain names using emails…
SSL Review: January 2019
February 2019 by
Bruce Morton
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard ……
TLS 1.3, Less is More
Increases in both performance and security are what can be expected as TLS 1.3 takes a less is more approach…
Introducing Domain Name Validation Method 13
January 2019 by
Bruce Morton
In 2018, the CA/Browser Forum held a domain validation summit to the review the approved domain validation methods. The meeting covered…
Removal of Underscores from Domain Names
January 2019 by
Bruce Morton
In November 2018, the CA Browser Forum voted to sunset the use of underscore characters in the domain names of SSL/TLS…
SSL Review: December 2018
January 2019 by
Bruce Morton
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. CA Security Council……
2019 – Looking Back, Moving Forward
Looking Back at 2018 2018 was an active year for SSL/TLS. We saw the SSL/TLS certificate validity period drop to…
What Does Your CAA Say?
January 2019 by
Bruce Morton
Certification Authority Authorization (CAA) is a method for a domain owner to permit one or more certification authorities (CAs) to…
SSL Review: November 2018
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard… Major…
Major Browsers Coordinated on Deprecating TLS 1.0 and 1.1
November 2018 by
Bruce Morton
In an unprecedented move for the SSL/TLS ecosystem, the four major browsers have uniformly announced that they will deprecate TLS…
Domain Validation – Where are We Now?
August 2018 by
Bruce Morton
Public trust SSL/TLS certificates assert an association between a domain name and a public key. The domain name may be…
SSL Review: May and June 2018
July 2018 by
Bruce Morton
Entrust Datacard … The tipping point for HTTPS is closing in. Marketers, are you ready? Apple Will Soon Require Certificate…
SSL Review: March 2018
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust…
Chrome Will Show Not Secure for all HTTP Sites Starting July 2018
March 2018 by
Bruce Morton
Through 2017 and into 2018, we have seen the use of HTTPS grow substantially. Last Fall Google announced the following…
Grade Changes to the SSL Server Test – Coming March 2018
February 2018 by
Bruce Morton
Entrust Datacard supports SSL Server Testing as part of our best practices approach to certificate management. This free, web-based service tests server…
Chrome Requires CT after April 2018
February 2018 by
Bruce Morton
The Internet ecosystem has been working towards Chrome’s requirement for certificate transparency (CT) for all SSL/TLS certificates in April 2018….
2018: Looking Back, Moving Forward in SSL
January 2018 by
Bruce Morton
Looking Back at 2017 2017 saw the end of SHA-1 in public trust SSL/TLS certificates and the start of Certification…
ROBOT Attack on RSA Encryption
The Return Of Bleichenbacher’s Oracle Threat (ROBOT) attack takes advantage of an old vulnerability discovered by Daniel Bleichenbacher in 1998. We have previously seen…
SSL Review: November 2017
December 2017 by
Bruce Morton
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard ……
How Can I Protect My Brand TLD?
November 2017 by
Bruce Morton
Originally, there were just seven generic top level domains (gTLDs) and a couple hundred country code TLDs (ccTLDs). In 2012, ICANN announced…
Impact of ROCA on SSL
October 2017 by
Bruce Morton
Return of Coppersmith’s Attack (ROCA) is a vulnerability in the generation of RSA keys used by a software library adopted in cryptographic…
HTTP Public Key Pinning: No Longer a Good Idea
October 2017 by
Bruce Morton
Public Key Pinning was great idea at first. Google used static public keys to protect their websites. In doing so,…
Coming Soon: More “Not secure” Browser Warnings
September 2017 by
Bruce Morton
Chrome currently issues a “Not secure” browser warning for pages accepting password and/or credit card data that are not protected…
SSL Review: May 2017
Entrust’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the industry. Entrust and CA Security…
Certificate Transparency Deadline Moved to April 2018
May 2017 by
Bruce Morton
Google just announced they will not be enforcing certificate transparency (CT) logging for all new TLS certificates until April 2018. In…
SSL Review: March 2017
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the industry. Entrust Identity ON:…
Bye Bye SHA-1
April 2017 by
Bruce Morton
Entrust Datacard made the decision to stop issuing any type of public trust certificates using the SHA-1 hashing algorithm to…
Maximum Certificate Lifetime Drops to 825-days in 2018
March 2017 by
Bruce Morton
The CA/Browser Forum has taken a progressive step by reducing SSL/TLS certificate lifetimes from 39 months (~1185 days) to 27…
New Mandatory CAA Checking on the Horizon
March 2017 by
Bruce Morton
Certification Authority Authorization (CAA) allows a domain owner to specify in their DNS or DNSSec which Certification Authority (CA) is…
Bad Actors Catalyst Behind New Standards for Code Signing
Code Signing is a cryptographic process to digitally sign executables and scripts. The signature confirms the software author or publisher’s…
2017 Looking Back, Moving Forward
Looking Back at 2016 Fortunately, 2016 was not a year full of SSL/TLS vulnerabilities. Although some researchers did prove old cryptography…
SSL Review: November 2016
Entrust Datacard’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the industry. Entrust Identity ON:…
Certificate Transparency Deployment in 2017
November 2016 by
Bruce Morton
Google announced the requirement for Certificate Transparency for all new SSL/TLS certificates in October 2017. This requirement means that Chrome will…
Why is Certificate Expiration Necessary?
October 2016 by
Bruce Morton
The Long Life Certificate – Why It Doesn’t Exist Why is certificate expiration even necessary? Wouldn’t it be better if…
Protect Your Domain with CT Search
How would you know if there have been any unauthorized SSL certificates issued for your domain? How can you protect…
TLS/SSL Comprehensive History
Security is one driving factor in the evolution of technology. Here’s a timeline showing how the history of SSL/TLS and…
Observatory by Mozilla will Make the Internet a Safer Place
Mozilla has released a new website, Observatory, to help developers, system administrators, and security professionals configure their websites safely and…
TLS/SSL Comprehensive History
September 2016 by
Bruce Morton
Security is one driving factor in the evolution of technology. Here’s a timeline showing how the history of SSL/TLS and…
Chrome to Show HTTP Sites as Not Secure
September 2016 by
Bruce Morton
Always-On SSL should be deployed to prevent the “Not secure” warning Website owners who do not secure their website with…
Trust Indication Change in Google Chrome
Google is making security icon changes in the Chrome status bar. The changes are based on a research paper prepared…
THREAT ALERT: How a SWEET32 Birthday Attack is Deployed and How to Pre...
August 2016 by
Bruce Morton
Details surrounding the SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN can be found in the paper…
HEIST Supports BREACH and CRIME Attacks
At Black Hat USA 2016, doctoral candidates Mathy Vanhoef and Tom Van Goethem presented HEIST, an SSL/TLS vulnerability. HEIST is short…
Minimum Requirements for Code Signing Certificates
August 2016 by
Bruce Morton
It is time for an update on the Baseline Requirements for Code Signing. First the bad news, the new standard…
HTTPoxy: Another Reason for HTTPS Everywhere
July 2016 by
Bruce Morton
Emerging vulnerabilities underscore the argument for creating a safer Internet for everyone including domain owners by using HTTPS Everywhere, as…
SSL Review: May 2016
Entrust’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the industry. Entrust and CA Security…
Do You Need CT for Non-EV Certificates?
June 2016 by
Bruce Morton
We have been receiving some questions about Certificate Transparency. The main question is should non-EV SSL/TLS certificates be registered in a…
SSL 2.0 and DROWN
A team of researchers has announced a vulnerability with SSL 2.0 called Decrypting RSA with Obsolete and Weakened eNcryption; otherwise known as DROWN. SSL 2.0 is a…
Let’s Test Google Chrome’s Security Overview
March 2016 by
Bruce Morton
I probably missed a Google blog, but when I was checking the details of a TLS certificate with Chrome, I…
Changes to Support SHA-1 Migration
Entrust provides security beyond the TLS certificate. We are a strong supporter of the CA/Browser Forum standards and also support…
What’s the Future for SHA-1 and Browser Users as of January 1, 2...
On January 1, 2016, the public trust certification authorities (CAs) will stop issuing SHA-1 signed SSL/TLS certificates. What will happen?…
2016 – Looking Back, Moving Forward
Looking Back at 2015 A number of new tactics proved 2015 was no exception to an active year defending against…
SSL Review: November 2015
Entrust’s monthly SSL review covers SSL/TLS discussions “” recaps news, trends and opinions from the industry. Entrust and CA Security…
Keep Moving to SHA-2 — Leading Browsers Fast Track SHA-1 Deprecation
Research indicates that SHA-1 signed SSL/TLS certificates face increasing vulnerabilities forcing leading browsers to reconsider how long they will support…
Always-On SSL, The President Wants It Too
September 2015 by
Bruce Morton
In June 2015, the US chief information security officer (CIO) issued a memorandum to mandate HTTPS-only to secure Federal websites…
The Value of EV Certificates
August 2015 by
Bruce Morton
I had the opportunity to review a verification issue last week, and it had me thinking of the value of…
High Severity Vulnerability Found In OpenSSL
July 2015 by
Bruce Morton
OpenSSL has announced a high severity vulnerability, CVE-2015-1793 which will require an upgrade to some OpenSSL installations. The vulnerability was…
What is Server Name Indication?
You have a dilemma. You want to continue to deploy your web service but are running out of IPv4 addresses….
SSL Review: May 2015
Entrust’s monthly SSL review covers SSL discussions “” recaps news, trends and opinions from the industry. Entrust and CA Security…
New SSL Certificates with New Keys Reduce Vulnerabilities
April 2015 by
Bruce Morton
As of April 1st, 2015, the lifetime of SSL certificates has now been reduced to 39 months, in accordance with…
Microsoft Deploys Certificate Reputation
As we have stated previously, website owners have a concern that an attacker can have a certificate issued for their…
Raising the Benefits of HTTP/2 Security
The approval of HTTP/2 by the Internet Engineering Steering Group (IESG) back in mid-February marked the next major version of the network…
What Happened with Live.fi?
Comodo issued an SSL certificate for live.fi. The issue is the certificate requester did not own or control the live.fi…
Private Trust and Proxies
With the news of Superfish, Komodia and PrivDog , there has been some interesting discussion on private trust and HTTPS…
What Happened with Live.fi?
March 2015 by
Bruce Morton
Comodo issued an SSL certificate for live.fi. The issue is the certificate requester did not own or control the live.fi…
20 Years of PKI and Secure Transactions
Almost 20 years ago, the first publicly trusted certification authorities (CAs) began generating their root keys and root certificates, which…
Is Your SSL Server Vulnerable to a FREAK Attack?
FREAK is a new man-in-the-middle (MITM) vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA. FREAK stands…
Update — Chrome 41 Release and SHA-1
When Google Chrome 41 is released, it will treat certificate chains using SHA-1 which are valid past January 1, 2017…
2015 – Looking Back, Moving Forward
This post was originally published on the CA Security Council blog. Looking Back at 2014 End of 1024-bit Security In…
Moving Forward with Certificate Transparency
As we move in 2015, you will start to see Certificate Transparency deployed on EV SSL certificates. Google has required that as of January…
SSL Review: November 2014
December 03, 2014 By Bruce Morton Entrust’s monthly SSL review covers SSL discussions “” recaps news, trends and opinions from…
Infographic: Switching to SHA-2 SSL
In 2005, it was discovered that the secure hash algorithm SHA-1 wasn’t as strong as it was initially thought to be, according…
Secure Your Website with HSTS
This post was originally published on the CA Security Council blog. Is your website secure? One thing to consider is…
Understanding SHA-1 Vulnerabilities “” Is SSL No Longer Secure...
October 2014 by
Bruce Morton
Lately, SSL has come under fire and users may be under the impression that, perhaps, there is a problem with…
Google is Sun-Setting SHA-1 in Upcoming Chrome Releases
Google announced on September 5, 2014, that Chrome will sunset SHA-1 by providing security warnings through the popular browser. SHA-1 is a secure…
Internet of Things – Beware
We are now moving into the deployment of the Internet of Things (IoT). IoT is an attempt to attach uniquely identifiable…
Monitor Your Domains with Certificate Transparency
July 2014 by
Bruce Morton
Over the last few years, we’ve witnessed publicly trusted SSL certificates issued to domain names that were not authorized. These…
More Google Fraudulent Certificates
July 2014 by
Bruce Morton
On July 2, Google became aware of fraudulent certificates that were incorrectly issued to Google-owned domain names. The certificates were issued by…
OCSP Must-Staple
This post was originally published by on the CA Security Council blog. With the announcement of the Heartbleed bug and the…
Moving to TLS 1.2
In 2014, there will be a trend for website owners to implement TLS 1.2 on their servers. TLS 1.2 was defined in…
Protect Your Private Keys: Three Easy Steps for Safe Code-Signing
A recent article by the Microsoft malware protection center, “Be a real security pro – Keep your private keys private,”…
Java Secures Supply Chains through Code Signing
December 2013 by
Bruce Morton
This post was originally published by Bruce Morton & Erik Costlow on the CA Security Council blog. We have recently discussed the…
IETF 88 – Pervasive Surveillance
December 2013 by
Bruce Morton
This post was originally published on the CA Security Council blog. Internet Surveillance The big news at IETF 88 in Vancouver…
Securing Software Distribution with Digital Code Signing
This post was originally published on theCA Security Council blog. Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill…
Chrome Shows SSL Warning for Non-FQDNs
Entrust completed an internal test recently and was surprised by a warning from Google Chrome version 30. The test case…
How is Your Browser Performing?
October 2013 by
Bruce Morton
We always discuss SSL deployment best practices. These are the actions the Web server administrator takes. These are important to discuss,…
Secure Non-Registered Domains with New Private SSL Certificates
October 2013 by
Bruce Morton
Are you an SSL certificate owner that has SSL certificates that protect non-registered domains? What are non-registered domains? Well, let’s…
Do You Have a New gTLD?
October 2013 by
Bruce Morton
The Internet Corporation for Assigned Names and Numbers (ICANN) is currently approving many generic top-level domains (gTLDs). What are gTLDs?…
Updated SSL/TLS Deployment Best Practices
First, I would like to than Ivan Ristic for his development of the SSL/TLS deployment Best Practices document. This is…
DNS Registrar Vulnerabilities
Watchers of the SSL industry follow SSL protocol attacks such as BEAST, CRIME, Lucky 13 and RC4 closely. They also track the rare certification authority (CA)…
Public Key Pinning
September 2013 by
Bruce Morton
This post was originally published on the CA Security Council blog. The current browser-certification authority (CA) trust model allows a website…
Why Do I Need UC Multi-Domain SSL Certificates?
August 2013 by
Bruce Morton
This certificate is sometimes called unified communications certificate (UCC), multi-domain certificate or multi-SAN certificate. In this posting, we will call…
CAs Being Audited to Baseline Requirements
August 2013 by
Bruce Morton
Certification authorities (CA) have always been compliance-minded and have historically imposed third-party audits upon themselves. The CAs disclose their requirements…
Moving to 2048-bit Keys
July 2013 by
Bruce Morton
In the last few months, I have been reading blog posts (e.g., Google and Evernote) about certificate subscribers changing their keys from 1024-bit…
CAs Support Standards and Regulations
May 2013 by
Bruce Morton
This post was originally published on the CA Security Council blog. There is an industry myth that certification authorities (CAs) are…
Could be Problems with New gTLDs
May 2013 by
Bruce Morton
The PayPal information risk management team warns that the introduction of new generic top-level domains, or gTLDs, could impact security. For many…
Firefox to Block Mixed Content
Congratulations, Mozilla, on your plan to release Firefox 23 that will block mixed content. Website owners who have mixed-content pages will…
SSL Fingerprints
Are your secure SSL communications being compromised by a man-in-the-middle (MITM) attack? This issue came up when it was discovered…
RC4, CBC, what the …?
We had the BEAST attack and it was said, “Prioritize RC4 cipher suite.” We had the Lucky Thirteen attack and it was said again, “Prioritize…
IETF 86 – Web PKI Working Group
March 2013 by
Bruce Morton
At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the…
SSL Certificate Status Checking
As part of its effort to promote SSL certificate best practices, the CA Security Council (CASC) has offered a couple of blogs…
Mozilla Endorses SSL Baseline Requirements
The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA)…
Lights Out: Super Bowl and OCSP
February 2013 by
Bruce Morton
We were monitoring the performance of our OCSP service over the weekend and found an odd dip. In this case,…
What is Time Stamping?
June 2012 by
Bruce Morton
What happens to signed code when the code signing certificate expires? In many cases, an expired certificate means that the…