Tag Archives: certificate transparency

SSL Review: March 2014, part 2

April 2, 2014 by Bruce Morton     No Comments

Entrust’s monthly review of SSL discussions — and likely other digital certificates — recaps news, trends and opinions from the industry. Entrust and CA Security Council Entrust Identity ON discussed: 2014 – Looking Back, Moving Forward Elliptic-Curve Cryptography, Simplified Who will Control ICANN? Your Audit Report has Expired CA Security Council discussed: Think Twice Before [Read More...]

Filed Under: SSL Tagged With: certificate transparency, SSL, SSL Review

Certificate Reputation

March 10, 2014 by Bruce Morton     No Comments

One of the advantages of the SSL industry is that certificates can be issued from most trusted certification authorities (CAs). This allows certificate customers flexibility in choosing their CA or deciding to use a number of CAs. The disadvantage is the end-user does not know if the CA was authorized to issue the certificate and [Read More...]

2014 – Looking Back, Moving Forward

March 3, 2014 by Bruce Morton     1 Comment

Looking Back at 2013 Protocol Attacks The year started with a couple of SSL/TLS protocol attacks: Lucky Thirteen and RC4 attack. Lucky Thirteen allows the decryption of sensitive information, such as passwords and cookies, when using the CBC-mode cipher suite. Lucky Thirteen can be mitigated by implementing software patches or preferring the cipher suite RC4. [Read More...]

TURKTRUST Unauthorized CA Certificates

January 4, 2013 by Bruce Morton     No Comments

Although unrelated to Entrust, I thought you might be interested in the news about TURKTRUST.

SSL – Privacy, Integrity, Authenticity

November 29, 2012 by Bruce Morton     No Comments

I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.

Certificate Transparency Birds of a Feather

November 19, 2012 by Bruce Morton     No Comments

I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.

Certificate Transparency

August 17, 2012 by Bruce Morton     3 Comments

I mentioned in an earlier blog, about certification authority authorization (CAA), that one of the issues of having many public CAs is that any or all can issue SSL certificates for any domain. Certificate Transparency (CT) is another proposed method to resolve this issue. The draft CT specification states the following goals: The goal is [Read More...]