Digital Trust Is Elusive – Are Qualified Trust Services A Solution?
May 1, 2020 by
Sebastian Schulz
Attack
eIDAS
ENISA
ETSI
Phishing
Policy
QTSP
Qualified
SSL/TLS
Trust List
TSP
A popular saying goes: “Trust takes years to build, seconds to break, and forever to repair.”
While I wouldn’t completely agree, the idea isn’t wrong. In real life trust between two parties is established over some period of time, depending on a variety of factors. Have you ever wondered why you initially trust some people more and others less, even if you’ve never met them before? There are a complicated multitude of factors that influence our thoughts: the person’s appearance, tone of voice, title or rank, etc. Trust is established over time but can be lost within a few moments.
Preparing for Quantum Computing
April 21, 2020 by
Diana Gruhn
(Entrust)
ECC
IETF
NIST
Quantum
RSA
Quantum computing is advancing, and while experts are not sure when there will be a quantum computer powerful enough to break the RSA and ECC cryptographic algorithms that are currently in use, many are operating under the assumption that this can happen within a 10-15 year timeframe.
5 Ways to Keep Up with Authentication Certificates
February 24, 2020 by
Arvid Vermote
Code Signing
Encryption
Identity
ISO
Malware
Microsoft
PKI
SSL/TLS
When it comes to protecting an organization’s data and users, CISOs have no shortage of hurdles. Identity attacks have become sophisticated and convincing, thanks to ransomware, phishing and deep fakes. CISOs have long known the importance of strong identification and authentication controls, but with threats constantly changing and intensifying, having these controls in place is just one piece of the puzzle; they must be managed correctly in order to do their job.
The CA Security Council Looks Ahead to 2020 and Beyond
January 9, 2020 by
Patrick Nohe
(GlobalSign),
Doug Beattie
(GlobalSign)
Apple
CA/Browser Forum
Chrome
Edge
Encryption
EV
Firefox
Forward Secrecy
GDPR
Google
Identity
Microsoft
Mozilla
PKI
Policy
Qualified
SSL 3.0
SSL/TLS
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
Web PKI
A whirlwind of activity will cause dramatic shifts across the PKI world in the year ahead
Suffice it to say that 2019 was filled with challenges and contentiousness as Certificate Authorities and Browsers began to watch their shared visions diverge. The debate around Extended Validation continued as CAs pushed for a range of reforms and browsers pushed to strip its visual indicators. And a ballot to shorten maximum certificate validity periods exposed fault-lines at the CAB Forum.
Chrome Kills Mixed Content for HTTPS
December 6, 2019 by
Bruce Morton
(Entrust)
Attack
Chrome
Firefox
Mixed Content
Policy
SSL/TLS
In a phased approach, Chrome plans to block mixed content on secure websites to improve user security. Most browsers already block some mixed content such as scripts and iframes by default. Chrome is amping it up by gradually taking steps to also block images, audio recordings and videos, according to a recent Google Security blog. Preventing mixed content to load will eventually result in HTTPS websites losing their security indicator downgrading the site to HTTP, which alerts visitors that the site is not secure.
Online Identity Is Important: Let’s Upgrade Extended Validation
October 21, 2019 by
Patrick Nohe
(GlobalSign)
Apple
CA/Browser Forum
Chrome
Code Signing
Encryption
EV
Google
Identity
Mozilla
Phishing
SSL/TLS
It’s time for the CA/Browser Forum to focus on the other half of its mandate
Let’s have a candid discussion about Extended Validation SSL. What’s working. What’s NOT. And what can be done to fix it so that all parties involved are satisfied.
The Insecure Elephant in the Room
October 10, 2019 by
Paul Walsh
2FA
Android
Attack
Chrome
DV
Encryption
EV
Firefox
Google
Identity
Malware
Microsoft
Mozilla
Phishing
Policy
Revocation
SSL/TLS
Vulnerability
W3C
The purpose of this article
The purpose of this article is to demonstrate why I believe browser-based UI for website identity can make the web safer for everyone. I explain in great detail, the reasons why the UI and UX didn’t work in the past. And what’s left is only making the problem worse instead of better.
Why Are You Removing Website Identity, Google and Mozilla?
August 27, 2019 by
Kirk Hall
(Entrust),
Tim Callan
(Sectigo)
CA/Browser Forum
Chrome
DV
Encryption
EV
Firefox
GDPR
Google
Identity
Malware
Mozilla
Phishing
SSL/TLS
You can’t have consumer privacy without having strong website identity
Today there’s a huge wave toward protecting consumer privacy – in Congress, with the GDPR, etc. – but how can we protect user privacy on the web without establishing the identity of the websites that are asking for consumer passwords and credit card numbers? Extended Validation (EV) certificates provide this information and can be very useful for consumers.
9 Common Myths About CAs
August 1, 2019 by
Tim Callan
(Sectigo)
CA/Browser Forum
CASC
Code Signing
Encryption
ETSI
Identity
Malware
PKI
Qualified
Revocation
SSL/TLS
Vulnerability
WebTrust
Over the years misconceptions about CAs and the SSL infrastructure have arisen. Below is a list of common myths related to SSL and CAs.
Myth #1: CAs are not regulated
Fact: CAs are subject to various checks and balances, including third-party qualified audits through WebTrust or ETSI and strict criteria set forth by leading browsers, before they are accepted in browser root stores. Similarly, the CA/Browser Forum’s Baseline Requirements and Network Security Guidelines establish global standards for certificate issuance and CA controls that will soon be included in third-party auditing standards. Browsers are free to use these requirements to exclude non-compliant CAs from the root store.
The Advantages of Short-Lived SSL Certificates for the Enterprise
July 18, 2019 by
Doug Beattie
(GlobalSign)
CRL
Mozilla
Revocation
SSL/TLS
Vulnerability
Short validity period certificates are becoming ever more common to reduce the scope of data compromised if a server vulnerability is uncovered, such as HeartBleed. Good security practice dictates changing keys on a regular basis, normally annually, but if you want to limit your exposure further, you can replace your certificates and underlying keys more frequently.
Sandstorm is an open source server software that makes it easy to install web apps. In order to solve the problem of setting up DNS without too much complication, Sandstorm announced the release of Sandcats.io. Sandcats.io is a free DNS service which takes 120 seconds to go from an empty Linux virtual machine to a working personal server with a DNS name and HTTPS. The DNS service runs on the sandcats.io server while the “personal server” runs on each individual customers’ computers.
