IETF 86 – Web PKI Working Group
At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the Web PKI. At the previous IETF 85 meeting a birds-of-a-feather was held to discuss the purpose of having such a group.
Certificate revocation is a current SSL industry issue. There are many causes to the problem. Some end-users do not have certificate-revocation checking turned on. Browsers support CRL or OCSP, but in some cases not both. The certification authorities (CA) may not provide reliable revocation responses. And what if there are no revocation responses from a [Read More...]
Self-Signed Versus Trusted CA Certificates
In most cases you have to sign your code in order to get it installed on the operating system. You can sign your code using a self-signed certificate or using a certificate issued by a publicly-trusted CA. Due to the costs of buying a code signing certificate from a publicly-trusted CA, some users will decide [Read More...]
What is Time-Stamping?
What happens to signed code when the code signing certificate expires? In many cases, an expired certificate means that the signature validation will fail and a trust warning will appear in the browser. Time-stamping was designed to alleviate this problem. The idea is that at the time, at which the code is signed, the certificate [Read More...]