Blog

9 Common Myths About CAs

Posted by on August 1, 2019 in Blog | 0 comments

Over the years misconceptions about CAs and the SSL infrastructure have arisen. Below is a list of common myths related to SSL and CAs. Myth #1: CAs are not regulated Fact: CAs are subject to various checks and balances, including third-party qualified audits through WebTrust or ETSI and strict criteria set forth by leading browsers, before they are accepted in browser root stores. Similarly, the CA/Browser Forum’s Baseline Requirements and Network Security Guidelines establish global standards for certificate issuance and CA controls that will soon be included in third-party auditing...

Read More

The Advantages of Short-Lived SSL Certificates for the Enterprise

Posted by on July 18, 2019 in Blog | 0 comments

Short validity period certificates are becoming ever more common to reduce the scope of data compromised if a server vulnerability is uncovered, such as HeartBleed.  Good security practice dictates changing keys on a regular basis, normally annually, but if you want to limit your exposure further, you can replace your certificates and underlying keys more frequently. Sandstorm is an open source server software that makes it easy to install web apps. In order to solve the problem of setting up DNS without too much complication, Sandstorm announced the release of Sandcats.io. Sandcats.io is a...

Read More

What Are Subordinate CAs and Why Would You Want Your Own?

Posted by on June 26, 2019 in Blog | 0 comments

Digital certificate and PKI adoption has changed quite a bit in recent years. Gone are the days where certificates were only synonymous with SSL/TLS; compliance drivers like stronger authentication requirements and digital signature regulations (e.g. eIDAS) have greatly expanded the role of PKI within the enterprise. As PKI usage has expanded, conversation has moved beyond just the number and type of certificates needed and onto deeper dialogue about custom PKI deployments. A large part of the conversation is around subordinate CAs, sometimes referred to as Issuing or Intermediate CAs, and...

Read More

What the Latest Firefox Update Means for SSL Certificates

Posted by on June 14, 2019 in Blog | 0 comments

Last month marked the release of Firefox 66, the newest iteration of the ever-popular web browser.  The update adds a number of interesting new features, including improvements to content loading and extension storage, auto-play sound blocking, and support for the AV1 codec (on the Windows version at least).  The search feature has also been improved, and, as is typical of browser updates, a number of known security vulnerabilities have been patched. The update also made improvements to the way in which security warnings are displayed in the browser, with the intention of helping users...

Read More

2019 – Looking Back, Moving Forward

Posted by on January 3, 2019 in Blog | 0 comments

Looking Back at 2018 2018 was an active year for SSL/TLS. We saw the SSL/TLS certificate validity period drop to 825-days and the mass deployment of Certificate Transparency (CT). TLS 1.3 protocol was finally completed and published; and Chrome status bar security indicators changing to remove “secure” and to concentrate on “not secure.” The CA/Browser Forum has been reformed, the London Protocol was announced and the nearly full distrust of Symantec SSL completed. Here are some details on some of the 2018 happenings in the SSL/TLS ecosystem. Vulnerabilities The new vulnerabilities exposed...

Read More

CA Security Council (CASC) 2019 Predictions: The Good, the Bad, and the Ugly

Posted by on December 6, 2018 in Blog | 0 comments

As the legendary coach of the NY Yankees Yogi Berra allegedly said, “It’s difficult to make predictions, especially about the future.”  But we’re going to try. Here are the CA Security Council (CASC) 2019 Predictions: The Good, the Bad, and the Ugly. The Good Prediction: By the end of 2019, over 90% of the world’s http traffic will be secured over SSL/TLS Encryption boosts user security and privacy, and the combined efforts of browsers and Certification Authorities (CAs) over the past few years have moved us rapidly to a world approaching 100% encryption.  To date, encryption uptake has...

Read More