OCSP Must-Staple

Posted by on June 18, 2014 0 comments

With the announcement of the Heartbleed bug and the resulting need to revoke large numbers of SSL certificates, the topic of certificate revocation has, once again, come to the fore. There have been many issues with how revocation information is provided to the browsers. First let’s review how SSL certificate status may currently be obtained: How Definition Pros Cons Certificate Revocation List (CRL) A signed list of the serial numbers of all revoked certificates that were signed by the CA’s certificate. A single point of reference for the status of all...

Read More

Benefits of Elliptic Curve Cryptography

Posted by on June 10, 2014 3 comments

Elliptic Curve Cryptography (ECC) has existed since the mid-1980s, but it is still looked on as the newcomer in the world of SSL, and has only begun to gain adoption in the past few years. ECC is a fundamentally different mathematical approach to encryption than the venerable RSA algorithm. An elliptic curve is an algebraic function (y2 = x3 + ax + b) which looks like a symmetrical curve parallel to the x axis when plotted. (See figures below.) As with other forms of public key cryptography, ECC is based on a one-way property in which it is easy to perform a calculation but infeasible to...

Read More