Entrust Datacard provides information on TLS 1.3 and phone domain name validation methods:
The CA/Browser Forum improves domain name and IP address validation by updating requirements and removing the test certificate validation method:
- Ballot SC7: Update IP Address Validation Methods
- Ballot SC14: Updated Phone Validation Methods
- Ballot SC15: Remove Validation Method Number 9
Bulletproof TLS Newsletter #50 discusses DarkMatter from the United Arab Emirates, which operates a certificate authority.
Other News and Notes:
- David Wong discusses Bleichenbacher’s work and how it is close to impossible to correctly implement the RSA PKCS#1 v1.5 encryption scheme. See Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries.
- Wayne Thayer discusses Why Does Mozilla Maintain Our Own Root Certificate Store? and how it brings security and privacy to individuals on the internet.
- Steve Roylance provides Legal Entity Identifier in Digital Certificates — Best Practice Definitions. There are references to articles discussing why CAs should embrace LEIs.
- Craig Young will introduce Zombie POODLE and GOLDENDOODLE at Black Hat Asia in March 2019.
- The Hashedout blog suggests You should be using ECC for your SSL/TLS certificates.
- Microsoft will stop supporting SHA-1 for code signing certificates. See 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
EFF says, “Don’t use ETS, don’t implement it, and don’t standardize it.” See ETS Isn’t TLS and You Shouldn’t Use It.