Chrome Will Show Not Secure for all HTTP Sites Starting July 2018

Posted by on February 15, 2018 0 comments

Through 2017 and into 2018, we have seen the use of HTTPS grow substantially. Last fall, Google announced the following status:

- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default

Google helped to drive this growth by implementing the “Secure” and “Not secure” status in Chrome’s status bar. “Secure” was provided for HTTPS sites. “Not secure” was implemented progressively, first resulting for HTTP pages requiring a password or...


2018 – Looking Back, Moving Forward

Posted by on January 6, 2018 0 comments

Looking Back at 2017

2017 saw the end of SHA-1 in public trust SSL/TLS certificates and the start of Certification Authority Authorization (CAA) allowing domain owners to authorize their CA. A “Not secure” browser indication was propagated to push more websites to support HTTPS. There was also a change in the certification authority (CA) ownership with DigiCert acquiring Symantec’s SSL and related PKI business and Francisco Partners buying Comodo’s CA.

Vulnerabilities

Google and CWI announced SHAttered, an attack on the SHA-1 cryptographic hash function. The attack was demonstrated...


How Does the ROCA Attack Work?

Posted by on November 9, 2017 0 comments

On October 17th, a group of Czech researchers announced they had found a way to factor the moduli of many RSA public keys generated by hardware produced by Infineon Technologies AG.  The technical details were presented in a paper at the 2017 Computer and Communications Security conference, hosted by the Association for Computing Machinery on November 2nd. The technique only works against the key pairs produced by Infineon’s library, because it exploits the unique method they use to generate RSA primes.  Key pairs produced by other methods and libraries are unaffected.  However,...


Quantum Computing: Real or Exaggerated Threat to the Web PKI?

Posted by on August 30, 2017 0 comments

Twenty years ago, paying your phone or electric bill involved receiving it in the mail, writing a check and mailing it back to the company. Today, that has largely been replaced by email and web-based payment submittals. All of this is secured by digital certificates and encryption, which provide privacy and authentication of information transiting the open Internet (aka Web PKI). The web PKI is predominantly secured by RSA encryption algorithms; mathematical theorems which have been improved over time. These algorithms depend on the difficulty of computers in factoring large prime numbers in...


How Browser Security Indicators Can Protect You from Phishing

Posted by on June 6, 2017 2 comments

The media is full of stories about how phishing sites are moving rapidly to encryption using anonymous, free DV certificates they use to imitate login pages for popular sites, such as As noted in the article “PayPal Phishing Certificates Far More Prevalent than Previously Thought”, more than 14,000 DV SSL certificates have been issued to PayPal phishing sites since the start of 2016. Based on a random sample, 96.7% of these certificates were intended for use on phishing sites. A typical certificate will be for a...


Certificate Transparency Deadline Moved to April 2018

Posted by on May 3, 2017 0 comments

Google just announced they will not be enforcing certificate transparency (CT) logging for all new TLS certificates until April 2018. In a previous blog post, we advised that Google provided a new policy, which required new TLS certificates to be published to the CT logs in order for the domain to be trusted by Chrome. The reason for the delay was not clear, but Google needs to consider the following:

- Overall CT policy discussions with the major stakeholders are underway, but we are still far away from a conclusion.
- Other browsers appear to be supporting CT, but have yet to determine their...
