PKI Consortium blog

Posts by tag EV

    Don’t ‘Compromise’ Your Code Amid Malware Mayhem
    May 12, 2020 by Abul Salek (Sectigo) CA/Browser Forum Code Signing EV FIPS HSM Malware Microsoft Phishing SSL/TLS
    Code Signing Certificates demand a price premium in the underground online marketplace. This is no surprise considering that criminals sometimes use them to dupe their potential victims into installing malware in their machine.

    The CA Security Council Looks Ahead to 2020 and Beyond
    January 9, 2020 by Patrick Nohe (GlobalSign), Doug Beattie (GlobalSign) Apple CA/Browser Forum Chrome Edge Encryption EV Firefox Forward Secrecy GDPR Google Identity Microsoft Mozilla PKI Policy Qualified SSL 3.0 SSL/TLS TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 Web PKI

    A whirlwind of activity will cause dramatic shifts across the PKI world in the year ahead

    Suffice it to say that 2019 was filled with challenges and contentiousness as Certificate Authorities and Browsers began to watch their shared visions diverge. The debate around Extended Validation continued as CAs pushed for a range of reforms and browsers pushed to strip its visual indicators. And a ballot to shorten maximum certificate validity periods exposed fault-lines at the CAB Forum.

    Online Identity Is Important: Let’s Upgrade Extended Validation
    October 21, 2019 by Patrick Nohe (GlobalSign) Apple CA/Browser Forum Chrome Code Signing Encryption EV Google Identity Mozilla Phishing SSL/TLS

    It’s time for the CA/Browser Forum to focus on the other half of its mandate

    Let’s have a candid discussion about Extended Validation SSL. What’s working. What’s NOT. And what can be done to fix it so that all parties involved are satisfied.

    The Insecure Elephant in the Room
    October 10, 2019 by Paul Walsh 2FA Android Attack Chrome DV Encryption EV Firefox Google Identity Malware Microsoft Mozilla Phishing Policy Revocation SSL/TLS Vulnerability W3C

    The purpose of this article

    The purpose of this article is to demonstrate why I believe browser-based UI for website identity can make the web safer for everyone. I explain in great detail, the reasons why the UI and UX didn’t work in the past. And what’s left is only making the problem worse instead of better.

    Why Are You Removing Website Identity, Google and Mozilla?
    August 27, 2019 by Kirk Hall (Entrust), Tim Callan (Sectigo) CA/Browser Forum Chrome DV Encryption EV Firefox GDPR Google Identity Malware Mozilla Phishing SSL/TLS

    You can’t have consumer privacy without having strong website identity

    Today there’s a huge wave toward protecting consumer privacy – in Congress, with the GDPR, etc. – but how can we protect user privacy on the web without establishing the identity of the websites that are asking for consumer passwords and credit card numbers? Extended Validation (EV) certificates provide this information and can be very useful for consumers.

    What Are Subordinate CAs and Why Would You Want Your Own?
    June 26, 2019 by Doug Beattie (GlobalSign) CA/Browser Forum Chrome Code Signing CRL ECC eIDAS Encryption EV HSM Identity Microsoft OCSP PKI Policy Revocation RSA S/MIME SSL/TLS

    Digital certificate and PKI adoption has changed quite a bit in recent years. Gone are the days where certificates were only synonymous with SSL/TLS; compliance drivers like stronger authentication requirements and digital signature regulations (e.g. eIDAS) have greatly expanded the role of PKI within the enterprise.

    As PKI usage has expanded, conversation has moved beyond just the number and type of certificates needed and onto deeper dialogue about custom PKI deployments. A large part of the conversation is around subordinate CAs, sometimes referred to as Issuing or Intermediate CAs, and why an organization might want their own. Let’s discuss.

    What the Latest Firefox Update Means for SSL Certificates
    June 14, 2019 by Tim Callan (Sectigo) CASC EV Firefox SSL/TLS Vulnerability

    Last month marked the release of Firefox 66, the newest iteration of the ever-popular web browser.  The update adds a number of interesting new features, including improvements to content loading and extension storage, auto-play sound blocking, and support for the AV1 codec (on the Windows version at least).  The search feature has also been improved, and, as is typical of browser updates, a number of known security vulnerabilities have been patched.

    2019 – Looking Back, Moving Forward
    January 3, 2019 by Bruce Morton (Entrust) Attack CA/Browser Forum Certificate Expiry Chrome Code Signing DV ECC EV Forward Secrecy Identity Mis-issued Phishing PKI Policy Qualified Revocation RSA SSL/TLS TLS 1.0 TLS 1.3 Vulnerability


    Looking Back at 2018

    2018 was an active year for SSL/TLS. We saw the SSL/TLS certificate validity period drop to 825-days and the mass deployment of Certificate Transparency (CT). TLS 1.3 protocol was finally completed and published; and Chrome status bar security indicators changing to remove “secure” and to concentrate on “not secure.” The CA/Browser Forum has been reformed, the London Protocol was announced and the nearly full distrust of Symantec SSL completed. Here are some details on some of the 2018 happenings in the SSL/TLS ecosystem.

    CA Security Council (CASC) 2019 Predictions: The Good, the Bad, and the Ugly
    December 6, 2018 by Bruce Morton (Entrust), Chris Bailey (Entrust), Jay Schiavo (Entrust) Apple Attack CASC Chrome DV Encryption EV Firefox Google Identity IETF Malware Microsoft Phishing SSL/TLS TLS 1.0 TLS 1.2 TLS 1.3


    As the legendary coach of the NY Yankees Yogi Berra allegedly said, “It’s difficult to make predictions, especially about the future.”  But we’re going to try.

    Here are the CA Security Council (CASC) 2019 Predictions: The Good, the Bad, and the Ugly.

    The Good

    Prediction: By the end of 2019, over 90% of the world’s http traffic will be secured over SSL/TLS

    CASC Announces Launch of London Protocol to Improve Identity Assurance and Minimize Phishing on Identity Websites
    June 27, 2018 by CA Security Council Attack CA/Browser Forum CASC DV EV Identity OV Phishing SSL/TLS

    LONDON – (June 27, 2018) – The Certificate Authority Security Council (CASC), an advocacy group committed to the advancement of the security of websites and online transactions, announced at the CA/Browser Forum event in London the launch of the London Protocol – an initiative to improve identity assurance and minimize the possibility of phishing activity on websites encrypted with organization validated (OV) and extended validation (EV) certificates, which contain organization identity information (Identity Certificates).

    Participate in our community discussions and/or join the consortium