Logo

PKI Consortium blog

Posts by tag Apple

    An open letter to Apple
    March 21, 2022 by PKI Consortium Apple PKIC
    We would like to thank and also invite Apple to work more closely with organizations such as the CA/Browser Forum, ETSI and the PKI Consortium to address its concerns, work towards harmonization of policies and to support standardized automation in its software before making any changes on its own. This is because unilaterally enforced policies, especially those that go beyond your own root program, can have a disproportionate impact on PKI implementations, its relying parties and the entire ecosystem.

    One Year Certs
    July 9, 2020 by Patrick Nohe (GlobalSign) Apple CA/Browser Forum DV Google Identity Microsoft PKI Policy Root Program SHA1 SHA2 SSL/TLS
    Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days). This change was first announced by Apple at the CA/Browser Forum Spring Face-to-Face event in Bratislava back in March.

    The CA Security Council Looks Ahead to 2020 and Beyond
    January 9, 2020 by Patrick Nohe (GlobalSign), Doug Beattie (GlobalSign) Apple CA/Browser Forum Chrome Edge Encryption EV Firefox Forward Secrecy GDPR Google Identity Microsoft Mozilla PKI Policy Qualified SSL 3.0 SSL/TLS TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 Web PKI

    A whirlwind of activity will cause dramatic shifts across the PKI world in the year ahead

    Suffice it to say that 2019 was filled with challenges and contentiousness as Certificate Authorities and Browsers began to watch their shared visions diverge. The debate around Extended Validation continued as CAs pushed for a range of reforms and browsers pushed to strip its visual indicators. And a ballot to shorten maximum certificate validity periods exposed fault-lines at the CAB Forum.

    Online Identity Is Important: Let’s Upgrade Extended Validation
    October 21, 2019 by Patrick Nohe (GlobalSign) Apple CA/Browser Forum Chrome Code Signing Encryption EV Google Identity Mozilla Phishing SSL/TLS

    It’s time for the CA/Browser Forum to focus on the other half of its mandate

    Let’s have a candid discussion about Extended Validation SSL. What’s working. What’s NOT. And what can be done to fix it so that all parties involved are satisfied.

    CA Security Council (CASC) 2019 Predictions: The Good, the Bad, and the Ugly
    December 6, 2018 by Bruce Morton (Entrust), Chris Bailey (Entrust), Jay Schiavo (Entrust) Apple Attack CASC Chrome DV Encryption EV Firefox Google Identity IETF Malware Microsoft Phishing SSL/TLS TLS 1.0 TLS 1.2 TLS 1.3

    As the legendary coach of the NY Yankees Yogi Berra allegedly said, “It’s difficult to make predictions, especially about the future.”  But we’re going to try.

    Here are the CA Security Council (CASC) 2019 Predictions: The Good, the Bad, and the Ugly.

    The Good

    Prediction: By the end of 2019, over 90% of the world’s http traffic will be secured over SSL/TLS

    CA/Browser Forum Governance Reform
    May 18, 2018 by Dean Coclin Apple CA/Browser Forum Code Signing Policy S/MIME SSL/TLS

    In March 2016, the CA/Browser Forum formed a working group to review potential ways to restructure the forum. The primary goal was to examine ideas so the Forum could work on other types of standards besides TLS. Ben Wilson and I chaired this group with excellent participation from a cross functional team of browser and certificate authority representatives as well as interested parties. After 2 years of efforts, the working group produced Ballot 206 which passed in April 2017. This created new bylaws which will go into effect on July 3, 2018.

    2017 – Looking Back, Moving Forward
    January 13, 2017 by Bruce Morton (Entrust) 3DES Apple Attack CA/Browser Forum CAA Chrome Code Signing Encryption Firefox Google Identity Malware MITM Policy Revocation RSA SSL 3.0 SSL/TLS TLS 1.3 TSA Vulnerability

    Looking Back at 2016

    Fortunately, 2016 was not a year full of SSL/TLS vulnerabilities. Although some researchers did prove old cryptography algorithms should be put out to pasture. The year showed the end of public-trusted SHA-1 SSL/TLS certificates. It also showed more transparency should be considered due to issues discovered with a few certification authorities (CAs). The great news is HTTPS is no longer the minority — after 20 years, connections using HTTPS has surpassed HTTP.

    Trust on the Public Web – The Consequences of Covert Action
    November 11, 2016 by Dean Coclin Apple Chrome Firefox Mis-issued Mozilla SSL/TLS

    You may have heard in the news that the Chinese Certificate Authority, WoSign, was caught backdating SHA-1 certificates to make it look like they were issued before the December 31, 2015 deadline. Why is this newsworthy?  For web-based security to remain an integral part of an ecosystem used every day by millions of people around the world, it all comes down to Trust; trust in the organization issuing the certificates, trust in the browsers that validate and display certificate information to the user, and trust by relying parties browsing web pages secured by certificates. Without trust, worldwide commerce and security on the web are at risk.

    What Will Happen With SHA-1 and Browser Users on January 1st, 2016?
    January 5, 2016 by Bruce Morton (Entrust) Android Apple Chrome Firefox Google Mozilla SSL/TLS Vulnerability

    On January 1, 2016, the public trust certification authorities (CAs) will stop issuing SHA-1 signed SSL/TLS certificates. What will happen?

    Will all websites using SHA-1 fail? No. SHA-1 will be supported by browsers and operating systems through 2016. Microsoft and Mozilla have announced that Windows and Firefox will not support SHA-1 in 2017, but no change for 2016. We expect Apple to follow the same protocol.

    What about Chrome? Chrome will still provide warning indications in the browser status bar for SHA-1 signed certificates which expire in 2016 and in 2017 or later. No change.

    Practical Steps to Counter the Logjam Attack
    May 26, 2015 by Kirk Hall (Entrust) Apple Attack Encryption Google MITM SSL/TLS Vulnerability

    Another flaw has been found in the basic encryption algorithms that secure the Internet. This flaw, named the Logjam attack by its discoverers (researchers from various universities and companies), allows an attacker that can carry out man-in-the-middle (MitM) attacks to weaken the encryption used in secure connections (such as HTTPS, SSH, and VPNs). In theory, this means that an attacker (with sufficient resources) can break the encryption and read the “secure” traffic.

    Participate in our community discussions and/or join the consortium