Moving to TLS 1.2
In 2014, there will be a trend for website owners to implement TLS 1.2 on their servers. TLS 1.2 was defined in RFC 5246 in August 2008 and is the most secure version of the SSL/TLS protocol. Although TLS 1.2 has been available for a few years, it is not well deployed. SSL Pulse indicates that [Read More...]
Securing Software Distribution with Digital Code Signing
This post was originally published on the CA Security Council blog. Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill a vital need for authentication of software distributed over the Internet in our interconnected world. As the commonly referred to “Internet of things” continues to grow, consumers have access to millions of applications for their [Read More...]
Updated SSL/TLS Deployment Best Practices
First, I would like to thank Ivan Ristic for his development of the SSL/TLS deployment Best Practices document. This is a simple overview of what a Web server administrator should consider in an SSL deployment. I am also looking forward to Ristic’s book, “Bulletproof SSL/TLS and PKI,” which hopefully will be released sometime soon. Version [Read More...]
Myths about CAs and SSL
In following the SSL industry, there are always comments about certification authorities (CAs) and their practices. In many cases, the Certificate Authority Security Council (CASC) considers these comments to be myths. As such, the CASC has collected these myths and provided responses, which some editors have published. Please read and you will find responses to [Read More...]
Self-Signed Certificates don’t deliver Trust
We’ve heard the argument that website operators could just use self-signed certificates. They are easy to issue and they are “free.” Before issuing self-signed certificates, it’s a good idea to examine the trust and security model. You should also compare self-signed certificates to the publicly trusted certification authority (CA) model, and then make your own decision.
SSL Certificate Status Checking
As part of its effort to promote SSL certificate best practices, the CA Security Council (CASC) has offered a couple of blogs on the importance of revocation checking
Certificate Authority Security Council
Today, the leading global certification authorities (CAs) launched the Certificate Authority Security Council (CASC). The CASC is made up of publicly trusted CAs that issue SSL certificates to protect more than 95 percent of the global websites.