PKI Consortium blog

Posts by tag CRL

    The Importance of Revocation Checking Part 2: A Real World Example
    March 11, 2013 by Wayne Thayer. Tags: Attack, Code Signing, CRL, Encryption, Identity, Malware, OCSP, Revocation, SSL/TLS
    Just last week, a new security incident related to certificate revocation checking made headlines. It was discovered that a legitimate website was hosting a malicious Java application that installed malware on the computers of people who visited the site. This comes after recent updates that introduced Security Level settings in Java, and then raised the default from Medium to High. At the high level, users are shown a warning before any unsigned Java code is executed.

    The Importance of Checking for Certificate Revocation
    March 9, 2013 by Rick Andrews. Tags: Attack, CRL, Identity, Malware, MITM, OCSP, Revocation, SSL/TLS
    Certificates are typically valid for one to three years, and during that time it’s possible that the web site owner or the CA realizes that end users should not trust the certificate. There are several cases in which this might happen, including these: The web site owner ceases doing business, no longer owns the domain name used in the certificate, has changed their organization name, or wishes to shut down the web server.

    Certificate Revocation and OCSP Stapling
    February 14, 2013 by CA Security Council. Tags: Attack, CASC, CRL, IETF, OCSP, Revocation, SSL/TLS
    As a body of global CAs, the CA Security Council is committed to educating server administrators, end-users and other interested parties about SSL enhancements and best practices that can better protect everyone. An important initiative that can make a practical difference right now is addressing easily implemented improvements to certificate status services that handle revocation of invalid or expired certificates, specifically the implementation of OCSP stapling. What is certificate revocation?

    World’s Leading Certificate Authorities Come Together to Advance Internet Security and the Trusted SSL Ecosystem
    February 14, 2013 by CA Security Council. Tags: CA/Browser Forum, CASC, CRL, OCSP, Revocation, SSL/TLS
    San Francisco, CA. – February 14, 2013 – Leading global certificate authorities announced the creation of the Certificate Authority Security Council (CASC), an advocacy group committed to the exploration and promotion of best practices that advance the security of websites and online transactions. Through public education, collaboration, and advocacy, the CASC strives to improve understanding of critical policies and their potential impact on the internet infrastructure. Members of the CASC include Comodo, DigiCert, Entrust, GlobalSign, Go Daddy, Symantec, and Trend Micro.
