Public Key Pinning Extension for HTTP
In 2011, Google added public key pinning to Chrome. They white-listed the certification authority public keys that could be used to secure Google domains.
All SSL and Digital Certificates Are the Same, Right? Wrong
If all digital certificates are the same, why choose anything but the basic certificate? Because all certificates are not the same. Currently, there are three classes of digital certificates as recognized by the CA/Browser Forum: Domain Validated (DV), Organization Validated (OV) and Extended Validated (EV). There is a common misconception that the only difference in [Read More...]
Survey: Site Seals vs Reliable Security – Which is Most Important?
There is a lot of hype right now about a major player in the SSL security space “rebranding” itself as the go-to SSL provider. But hype and big brand names alone shouldn’t influence security buying decisions. While this sounds logical, too many companies and organizations pay a premium for an over-marketed SSL trust seal. Entrust [Read More...]
Dutch Government: PKI alternatives, replacements not on horizon
In July 2011, Dutch certification authority (CA) DigiNotar experienced a security incident that affected the national security infrastructure of both governmental and non-governmental bodies in the Netherlands. The government commissioned a report looking into the incident and the broader CA/SSL market. One of the conclusions of the Dutch government’s report is that alternatives to PKI [Read More...]
Leveraging Consumerization Concepts to Combat Security Threats
Let me be clear right up front. Yes, cybersecurity threats are real. Yes, they are growing in volume and in sophistication. And, yes, they are the root of the problem. BUT, one of the underlying frustrations I have with the cyber-threat situation is that, in general, many organizations remain anything but creative and strategic when [Read More...]