You may have heard in the news that the Chinese Certificate Authority, WoSign, was caught backdating SHA-1 certificates to make it look like they were issued before the December …
The policy change goes into effect October 2017 A recent Google announcement stated that all publicly trusted SSL/TLS certificates issued in October 2017 or later will …
Google
I wrote about the next version of the HTTP protocol 18 months ago. Since then, HTTP/2 has gained significant traction, but not without generating some controversy along the way. …
The Long Life Certificate – Why It Doesn’t Exist Why is certificate expiration even necessary? Wouldn’t it be better if I could just buy a certificate with a long life …
OpenSSL
There is no doubt that content owners and publishers have a duty to encourage trust and the confidence during internet usage by adopting security best practices. If a customer …
Always-On SSL should be deployed to prevent the “Not secure” warning Website owners who do not secure their website with an SSL/TLS certificate will have to rethink …
Details surrounding the SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN can be found in the paper released by Karthikeyan Bhargavan and Gaëtan Leurent from …
Google is making security icon changes in the Chrome status bar. The changes are based on a research paper prepared by members of Google and University of California, Berkeley. The …
It is time for an update on the Baseline Requirements for Code Signing. First the bad news, the new standard was not approved by the CA/Browser Forum due to philosophical …
It might be hard to believe, but the SSL/TLS Ecosystem is nearly 20 years old. It’s time to take stock and see how we’re doing with regards to TLS certificates. In this article, …
