Posts made in April, 2013

Recap of NIST’s Workshop on Improving Trust in the Online Marketplace

Posted by on April 17, 2013 in Blog | 0 comments

On April 10 and 11, NIST held a workshop in Maryland to bring together many parties (industry, research and academia communities, and government sectors) to examine “technical and administrative efforts to increase trust online by improving the Public Key Infrastructure certificate marketplace supporting SSL and TLS.” From the opening keynote to the final remarks, we heard from experts around the world. There were presentations on the current state of trust infrastructure and audits, the impact of recent breaches, detailed looks on some emerging solutions like Certificate Transparency and...

Read More

CASC Happenings at NIST

Posted by on April 9, 2013 in Blog | 0 comments

This week members of the CASC will be attending and speaking at the NIST Workshop on Improving Trust in the Online Marketplace. You can also follow the CASC on Twitter for more information and news at @CertCouncil, as well as see some of the presentations after the events on our SlideShare page. Even if you can’t make it to Maryland, you can still watch the event via the live webcast. Please join us for the following CASC member events: Session 2: Trust Architectures Wednesday, April 10 | 10:45 a.m.-12:30 p.m. ET State of PKI for SSL/TLSRuss Housley, Vigil Security, LLC Revocation Process...

Read More

Self-Signed Certificates Don’t Deliver Trust

Posted by on April 2, 2013 in Blog | 2 comments

We’ve heard the argument that website operators could just use self-signed certificates. They are easy to issue and they are “free.” Before issuing self-signed certificates, it’s a good idea to examine the trust and security model. You should also compare self-signed certificates to the publicly trusted certification authority (CA) model; and then make your own decision. Self-Signed Certificate Model Owner says who they are Owner issues on their own policy Owner is responsible for quality Owner may not follow industry guidelines Owner may not provide certificate status Compromised...

Read More