PKI Consortium blog

Show posts by Author, Tag or Series

What is the PKI Maturity Model (PKIMM) and how can you contribute?
July 11, 2022 by Roman Cinkais (3Key Company) Maturity model PKIC PKIMM
The PKI Consortium recently established the PKI Maturity Model Working Group to build a PKI maturity model that will be recognized around the globe as a standard for evaluation, planning, and comparison between different PKI implementations. In this blog post we will tell you more about why we are building the model and how you can contribute to it.

An open letter to Apple
March 21, 2022 by PKI Consortium Apple PKIC
We would like to thank and also invite Apple to work more closely with organizations such as the CA/Browser Forum, ETSI and the PKI Consortium to address its concerns, work towards harmonization of policies and to support standardized automation in its software before making any changes on its own. This is because unilaterally enforced policies, especially those that go beyond your own root program, can have a disproportionate impact on PKI implementations, its relying parties and the entire ecosystem.

PKI Consortium & ETSI sign Memorandum of Understanding (MoU)
March 3, 2022 by Sándor Szőke (Microsec) ETSI PKIC
On 26 January PKI Consortium and ETSI signed a Memorandum of Understanding (MoU) to structure and strengthen the relationship between both organizations and foster a closer relationship.

Creating a global List of Trust Lists
November 24, 2021 by Paul van Brouwershaven (Entrust) LTL
The PKI Consortium is curating a global List of Trust Lists (a curated list of root, intermediate or issuing CA certificates accepted by a public, private, industry, or solution-specific PKI), one that is not limited to a specific purpose, region, or size, and is open to anyone to contribute.

Increasing support and awareness for Remote Key Attestation
August 3, 2021 by Paul van Brouwershaven (Entrust), Tomas Gustavsson (Keyfactor), Giuseppe Damiano HSM Key Attestation Secure Enclave Smart-card Token TPM
The PKI Consortium is collecting information (and looking for contributions) on how or if solutions provide a method to prove to a remote party that a private key was generated, managed inside, and not exportable from, a hardware cryptographic module.

From CASC to the Public Key Infrastructure Consortium
July 12, 2021 by Chris Bailey (Entrust), Paul van Brouwershaven (Entrust) CASC PKI PKIC
Over the years, the need for private, industry, or solution-specific PKI has grown significantly, with stricter policies and the revocation of certificates and CAs becoming more common. The impact of changes in centralized PKI have caused delays and disruption of third-party services that may or may not have been considered. Any PKI (public, private, or specific) must operate according to best practices, clear policies and without a single point of failure.

One Year Certs
July 9, 2020 by Patrick Nohe (GlobalSign) Apple CA/Browser Forum DV Google Identity Microsoft PKI Policy Root Program SHA1 SHA2 SSL/TLS
Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days). This change was first announced by Apple at the CA/Browser Forum Spring Face-to-Face event in Bratislava back in March.

Could Quantum Computing Help Stave Off the Next Great Pandemic?
June 11, 2020 by Patrick Nohe (GlobalSign) Quantum RSA SSL/TLS
As we settle into month two of isolation in the world’s collective battle against the COVID-19 pandemic, one talking point you’ve undoubtedly heard time and again is that this won’t truly be over until there’s a vaccine. A post about how quantum computing could simplify it and reduce the time it takes exponentially.

How to do HTTPS … The Right Way
June 2, 2020 by Corey Bonnell (DigiCert) CAA Identity Phishing Site Seal SSL/TLS
With secure HTTP — aka HTTPS (the “S” is short for “secure”) — swiftly becoming universal on the Internet, it is important to know how to configure HTTPS for your website the right way. The payoff for properly securing your website has many benefits.

Don’t ‘Compromise’ Your Code Amid Malware Mayhem
May 12, 2020 by Abul Salek (Sectigo) CA/Browser Forum Code Signing EV FIPS HSM Malware Microsoft Phishing SSL/TLS
Code Signing Certificates demand a price premium in the underground online marketplace. This is no surprise considering that criminals sometimes use them to dupe their potential victims into installing malware in their machine.

Participate in our community discussions and/or join the consortium