PKI Consortium blog
Posts by tag W3C
The Insecure Elephant in the Room
October 10, 2019 by
Paul Walsh
2FA
Android
Attack
Chrome
DV
Encryption
EV
Firefox
Google
Identity
Malware
Microsoft
Mozilla
Phishing
Policy
Revocation
SSL/TLS
Vulnerability
W3C
The purpose of this article The purpose of this article is to demonstrate why I believe browser-based UI for website identity can make the web safer for everyone. I explain in great detail, the reasons why the UI and UX didn’t work in the past. And what’s left is only making the problem worse instead of better.
Some people seem to find it difficult to consume my thoughts about the enforcement of “HTTPS EVERYWHERE”, free DV certs and the browser padlock.
Fortify Allows Users to Generate X.509 Certificates in Their Browser
June 19, 2018 by
Tim Hollebeek
Chrome
Code Signing
Encryption
Firefox
Google
HSM
Microsoft
Mozilla
S/MIME
W3C
Fortify, an open source application sponsored by Certificate Authorities through the CA Security Council, is now available for Windows and Mac. The Fortify app, which is free for all users, connects a user’s web browsers to smart cards, security tokens, and certificates on a user’s local machine. This can allow users to generate X.509 certificates in their browser, replacing the need for the deprecated <keygen> functionality.
Certificate Generation In The Browser The Web Cryptography API, also known as Web Crypto, provides a set of cryptographic capabilities for web browsers through a set of JavaScript APIs.
Moving to Always on HTTPS, Part 2 of 2; Upgrading to HTTP Strict Transport Security
February 18, 2016 by
Ben Wilson
HSTS
Mixed Content
Policy
SSL/TLS
Vulnerability
W3C
Part 1 of this blog post discussed browser security indicators and how to avoid getting warnings about mixed content on your website. (Mixed content leaves a door open that allows an attacker to snoop or inject malicious content during the browsing session.) This Part 2 discusses other technical measures to implement Always on HTTPS. As I noted previously, one of the difficulties with implementing Always on HTTPS is that content is often provided by third parties.