PKI Consortium blog

Show posts by Author, Tag or Series

An open letter to Apple
March 21, 2022 by PKI Consortium Apple PKIC
We would like to thank and also invite Apple to work more closely with organizations such as the CA/Browser Forum, ETSI and the PKI Consortium to address its concerns, work towards harmonization of policies and to support standardized automation in its software before making any changes on its own. This is because unilaterally enforced policies, especially those that go beyond your own root program, can have a disproportionate impact on PKI implementations, its relying parties and the entire ecosystem.

PKI Consortium & ETSI sign Memorandum of Understanding (MoU)
March 3, 2022 by Sándor Szőke (Microsec) ETSI PKIC
On 26 January PKI Consortium and ETSI signed a Memorandum of Understanding (MoU) to structure and strengthen the relationship between both organizations and foster a closer relationship.

Creating a global List of Trust Lists
November 24, 2021 by Paul van Brouwershaven (Entrust) LTL
The PKI Consortium is curating a global List of Trust Lists (a curated list of root, intermediate or issuing CA certificates accepted by a public, private, industry, or solution-specific PKI), one that is not limited to a specific purpose, region, or size, and is open to anyone to contribute.

Increasing support and awareness for Remote Key Attestation
August 3, 2021 by Paul van Brouwershaven (Entrust), Tomas Gustavsson (Keyfactor), Giuseppe Damiano HSM Key Attestation Secure Enclave Smart-card Token TPM
The PKI Consortium is collecting information (and looking for contributions) on how or if solutions provide a method to prove to a remote party that a private key was generated, managed inside, and not exportable from, a hardware cryptographic module.

From CASC to the Public Key Infrastructure Consortium
July 12, 2021 by Chris Bailey (Entrust), Paul van Brouwershaven (Entrust) CASC PKI PKIC
Over the years, the need for private, industry, or solution-specific PKI has grown significantly, with stricter policies and the revocation of certificates and CAs becoming more common. The impact of changes in centralized PKI have caused delays and disruption of third-party services that may or may not have been considered. Any PKI (public, private, or specific) must operate according to best practices, clear policies and without a single point of failure.

One Year Certs
July 9, 2020 by Patrick Nohe (GlobalSign) Apple CA/Browser Forum DV Google Identity Microsoft PKI Policy Root Program SHA1 SHA2 SSL/TLS
Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days). This change was first announced by Apple at the CA/Browser Forum Spring Face-to-Face event in Bratislava back in March.

Could Quantum Computing Help Stave Off the Next Great Pandemic?
June 11, 2020 by Patrick Nohe (GlobalSign) Quantum RSA SSL/TLS
As we settle into month two of isolation in the world’s collective battle against the COVID-19 pandemic, one talking point you’ve undoubtedly heard time and again is that this won’t truly be over until there’s a vaccine. A post about how quantum computing could simplify it and reduce the time it takes exponentially.

How to do HTTPS … The Right Way
June 2, 2020 by Corey Bonnell (DigiCert) CAA Identity Phishing Site Seal SSL/TLS
With secure HTTP — aka HTTPS (the “S” is short for “secure”) — swiftly becoming universal on the Internet, it is important to know how to configure HTTPS for your website the right way. The payoff for properly securing your website has many benefits.

Don’t ‘Compromise’ Your Code Amid Malware Mayhem
May 12, 2020 by Abul Salek (Sectigo) CA/Browser Forum Code Signing EV FIPS HSM Malware Microsoft Phishing SSL/TLS
Code Signing Certificates demand a price premium in the underground online marketplace. This is no surprise considering that criminals sometimes use them to dupe their potential victims into installing malware in their machine.

Digital Trust Is Elusive – Are Qualified Trust Services A Solution?
May 1, 2020 by Sebastian Schulz Attack eIDAS ENISA ETSI Phishing Policy QTSP Qualified SSL/TLS Trust List TSP
A popular saying goes: “Trust takes years to build, seconds to break, and forever to repair.” While I wouldn’t completely agree, the idea isn’t wrong. In real life trust between two parties is established over some period of time, depending on a variety of factors. Have you ever wondered why you initially trust some people more and others less, even if you’ve never met them before? There are a complicated multitude of factors that influence our thoughts: the person’s appearance, tone of voice, title or rank, etc.

Participate in our community discussions and/or join the consortium