PKI Consortium blog
Posts by author Robin Alden
Intermediate CA Certificates and Their Potential For Misuse For Man-In-The-Middle Attacks
January 9, 2014 by Robin Alden (Sectigo) Attack Firefox Google MITM Policy Root Program SSL/TLS Vulnerability
We have seen recently that Google detected publicly trusted TLS (SSL) certificates that had been created for Google domains without having been requested by Google itself. The existence of such certificates might usually be taken as an indication of misissuance by the issuing CA (i.e. a failure or mistake by the CA which allowed the issuance of an end-entity certificate other than in accordance with its policy) or as an indication of compromise of the issuing CA.
February 14, 2013 by Robin Alden (Sectigo) Announcement CA/Browser Forum CASC SSL/TLS
Today marks an important day for internet security and future SSL enhancements, as the world’s seven largest publicly trusted Certificate Authorities are announcing the formation of the Certificate Authority Security Council. While leading CAs have worked together for years to address security challenges and meet them with evolving and increasingly strict standards and best practices through the CA/Browser Forum and other industry venues, we’ve lacked a union where we can come together and speak with a unified CA voice.