Posts by ralden

Intermediate CA Certificates and Their Potential For Misuse For Man-In-The-Middle Attacks

Posted on January 9, 2014 in Blog

We have seen recently that Google detected that publicly trusted TLS/SSL certificates had been created for Google domains without having been requested by Google themselves. The existence of such certificates might usually be taken as an indication of misissuance by the issuing CA (i.e., a failure or mistake by the CA which allowed the issuance of an end-entity certificate otherwise than in accordance with their policy) or as an indication of compromise of the issuing CA. In this case the problem was not quite either of those things but instead arose from the issuance of an unconstrained...


CAs Unite

Posted on February 14, 2013 in Blog

Today marks an important day for internet security and future SSL enhancements, as the world’s seven largest publicly trusted Certificate Authorities are announcing the formation of the Certificate Authority Security Council. While leading CAs have worked together for years to address security challenges and meet them with evolving and increasingly strict standards and best practices through the CA/Browser Forum and other industry venues, we’ve lacked a union where we can come together and speak with a unified CA voice. The CASC will do just that. While not a standards-setting organization,...
