Logo

PKI Consortium blog

Posts by tag ICANN

    What To Do When You Rely on Internal Names in TLS/SSL Certificates
    July 18, 2014 by Wayne Thayer Attack CA/Browser Forum Firefox IANA ICANN Microsoft MITM Qualified SSL/TLS

    A deadline set by the CA/Browser Forum for the use of Internal Names is quickly approaching, and many system administrators need to understand how best to adapt to this change. At the same time, hundreds of new top-level domains are being launched, which redefines what constitutes an Internal Name. In this post we’ll explain what the changes are, why they’re being made, and how you can update your systems in response to the problem.

    2014 – Looking Back, Moving Forward
    January 6, 2014 by Bruce Morton (Entrust) Attack BEAST CA/Browser Forum CAA Code Signing ECC Encryption Forward Secrecy HSTS ICANN IETF Microsoft MITM Mozilla PKI Policy RC4 RSA SHA1 SSL/TLS TLS 1.2

    Looking Back at 2013

    Protocol Attacks

    The year started with a couple of SSL/TLS protocol attacks: Lucky Thirteen and RC4 attack. Lucky Thirteen allows the decryption of sensitive information, such as passwords and cookies, when using the CBC-mode cipher suite. Lucky Thirteen can be mitigated by implementing software patches or preferring the cipher suite RC4.

    ICANN’s Accelerated gTLD Delegation Process and How This Impacts Your Organization
    December 18, 2013 by Jeremy Rowley Announcement CA/Browser Forum CASC ICANN MITM Mozilla PKI Policy Qualified Revocation SSL/TLS Vulnerability

    After the CASC’s previous letter addressing ICANN’s proposal to delegate nearly 2000 new gTLDs for use on the public Internet, ICANN identified and initiated an extensive study on two significant security issues. Now, based on the conclusions of the studies, ICANN is moving forward quickly with the delegation process, delegating more than 30 in the last two months alone. With ICANN ramping up the delegation process, nearly all 2000 will be delegated under the new rules, with only .corp and .home reserved as high risk gTLDs. This post serves as an advisory for interested network administrator on how the newest ICANN decisions may affect their networks and certificates.

    What the ICANN SSAC Report Doesn’t Tell You
    March 22, 2013 by CA Security Council CA/Browser Forum CASC ICANN SSL/TLS

    The CA Security Council, which comprises seven of the largest CAs, read with interest the article titled, “Internal-use SSL certificates pose security risk for upcoming domain extensions.” As a group in one of the best positions to understand the impact of the new gTLDs on organizational security infrastructure and the Internet as a whole, we felt it appropriate to comment on this and related stories which summarize the ICANN Security and Stability Advisory Committee (SSAC) report sac 045 Invalid Top Level Domain Queries at the Root Level of the Domain Name System.

    Participate in our community discussions and/or join the consortium