PKI Consortium blog
Posts by tag W3C
The Insecure Elephant in the Room
October 10, 2019 by Paul Walsh 2FA Android Attack Chrome DV Encryption EV Firefox Google Identity Malware Microsoft Mozilla Phishing Policy Revocation SSL/TLS Vulnerability W3C
The purpose of this article The purpose of this article is to demonstrate why I believe browser-based UI for website identity can make the web safer for everyone. I explain in great detail, the reasons why the UI and UX didn’t work in the past. And what’s left is only making the problem worse instead of better. Some people seem to find it difficult to consume my thoughts about the enforcement of “HTTPS EVERYWHERE”, free DV certs and the browser padlock.
Fortify Allows Users to Generate X.509 Certificates in Their Browser
June 19, 2018 by Tim Hollebeek Chrome Code Signing Encryption Firefox Google HSM Microsoft Mozilla S/MIME W3C
Moving to Always on HTTPS, Part 2 of 2; Upgrading to HTTP Strict Transport Security
February 18, 2016 by Ben Wilson HSTS Mixed Content Policy SSL/TLS Vulnerability W3C
Part 1 of this blog post discussed browser security indicators and how to avoid getting warnings about mixed content on your website. (Mixed content leaves a door open that allows an attacker to snoop or inject malicious content during the browsing session.) This Part 2 discusses other technical measures to implement Always on HTTPS. As I noted previously, one of the difficulties with implementing Always on HTTPS is that content is often provided by third parties.