Mozilla Endorses SSL Baseline Requirements
The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA) certificate policy.
SSL – Privacy, Integrity, Authenticity
I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.
SSL News from Black Hat and DEF CON
I like to follow up each year with the SSL news from Black Hat USA and DEF CON 20. I was just looking for my 2011 follow-up and found out that I never released it. Unfortunately, I started the write up just before the DigiNotar fiasco and never finished it. So what SSL presentations occurred [Read More...]
Phishing with SSL
I read an article from Netcraft about Phishing on sites using SSL certificates. It reminded me that the industry has been working on anti-phishing for many years. In 2005, the SSL industry created the CA/Browser Forum. One of the issues was to create a new SSL certificate that would fight phishing. The result was the [Read More...]
Just thought I would let you know about a podcast called Sophos Techknow – Understanding SSL. Hopefully there won’t be much new for the regular readers of this blog, but the information may be valuable for those new to the SSL industry. I did want to make note of a few things. The podcasters discuss [Read More...]
What is TACK?
Two researchers have prepared a draft standard for the Internet Engineering Task Force to help extend the trust of SSL certificates. The approach is Trust Assertions for Certificate Keys, or TACK, and was prepared by Trevor Perrin and Moxie Marlinspike. TACK is an SSL extension that enables a Web server to assert the authenticity of [Read More...]