Tag Archives: Public-key cryptographyPublic-key cryptography

IETF 86 – Web PKI Working Group

March 22, 2013 by Bruce Morton     No Comments

At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the Web PKI. At the previous IETF 85 meeting a birds-of-a-feather was held to discuss the purpose of having such a group.

Mozilla Endorses SSL Baseline Requirements

February 27, 2013 by Bruce Morton     2 Comments

The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA) certificate policy.

Certificate Authority Security Council

February 14, 2013 by Bruce Morton     No Comments

Today, the leading global certification authorities (CA) launched the Certificate Authority Security Council (CASC). The CASC is made up of publicly trusted CAs that issue SSL certificate to protect more than 95 percent of the global websites.

Lights Out: Super Bowl and OCSP

February 4, 2013 by Bruce Morton     No Comments

We were monitoring the performance of our OCSP service over the weekend and found an odd dip related to the Super Bowl.

TURKTRUST Unauthorized CA Certificates

January 4, 2013 by Bruce Morton     No Comments

Although unrelated to Entrust, I thought you might be interested in the news about TURKTRUST.

SSL – Privacy, Integrity, Authenticity

November 29, 2012 by Bruce Morton     No Comments

I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.

Certificate Transparency Birds of a Feather

November 19, 2012 by Bruce Morton     No Comments

I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.

Web PKI Birds of a Feather

November 7, 2012 by Bruce Morton     No Comments

At the Internet Engineering Task Force (IETF) 85 conference, there was a Birds of a Feather (BoF) meeting on Web PKI operations.

Adobe Code-Signing Certificate Compromised

October 3, 2012 by Bruce Morton     No Comments

Adobe announced they received two malicious utilities signed by a valid Adobe code-signing certificate. The code-signing certificate was compromised though an attack on their code-signing system. The code-signing certificate will be revoked on October 4, 2012, and will impact all code being signed after July 12, 2012. A supporting security advisory has been issued. The [Read More...]

CRIME Attack on SSL/TLS

September 10, 2012 by Bruce Morton     No Comments

The security researchers who brought us BEAST now have a new SSL/TLS attack: CRIME. I would like to know what the acronym CRIME stands for, but we’ll probably have to wait until Juliano Rizzo and Thai Duong present their work at Ekoparty Security Conference later this month. Little information about the attack has been published. [Read More...]