IETF 86 – Web PKI Working Group
At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the Web PKI. At the previous IETF 85 meeting a birds-of-a-feather was held to discuss the purpose of having such a group.
Mozilla Endorses SSL Baseline Requirements
The CA/Browser Forum SSL Baseline Requirements have been endorsed by Mozilla and have been included in their certificate authority (CA) certificate policy.
SSL Certificates without Non-FQDNs
The CA/Browser Forum decided to mitigate the risk by deprecating the issuance of certificates with non-FQDNs.
Certificate Authority Security Council
Today, the leading global certification authorities (CA) launched the Certificate Authority Security Council (CASC). The CASC is made up of publicly trusted CAs that issue SSL certificate to protect more than 95 percent of the global websites.
Lights Out: Super Bowl and OCSP
We were monitoring the performance of our OCSP service over the weekend and found an odd dip related to the Super Bowl.
TURKTRUST Unauthorized CA Certificates
Although unrelated to Entrust, I thought you might be interested in the news about TURKTRUST.
SSL – Privacy, Integrity, Authenticity
I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.
Web PKI Birds of a Feather
At the Internet Engineering Task Force (IETF) 85 conference, there was a Birds of a Feather (BoF) meeting on Web PKI operations.
On October 2, 2012, the National Institute of Standards and Technology (NIST) announced that the winner of the new SHA-3 hash function competition was Keccak. The plan is SHA-3 will eventually replace SHA-1 and the SHA-2 hash families. To support digital certificates, the hashing function is used by the certification authority (CA) to put its [Read More...]
CRIME Attack on SSL/TLS
The security researchers who brought us BEAST now have a new SSL/TLS attack: CRIME. I would like to know what the acronym CRIME stands for, but we’ll probably have to wait until Juliano Rizzo and Thai Duong present their work at Ekoparty Security Conference later this month. Little information about the attack has been published. [Read More...]