Blog

Online Identity Is Important: Let’s Upgrade Extended Validation

Posted by on October 21, 2019 in Blog | 0 comments

It’s time for the CA/Browser Forum to focus on the other half of its mandate Let’s have a candid discussion about Extended Validation SSL. What’s working. What’s NOT. And what can be done to fix it so that all parties involved are satisfied. But first, let’s zoom out and talk big picture. The vast majority of website owners almost never think of SSL. They worry about it once every year or so when it needs to be replaced, but it’s not really a major point of consideration. And even when it is, it’s on more of a macro level when managing certificates at scale. Most site owners and...

Read More

The Insecure Elephant in the Room

Posted by on October 10, 2019 in Blog | 0 comments

[Update: October 16, 2019] The purpose of this article The purpose of this article is demonstrate why I believe browser-based UI for website identity can make the web safer for everyone. I explain in great detail, the reasons why the UI and UX didn’t work in the past. And what’s left is only making the problem worse instead of better. Some people seem to find it difficult to consume my thoughts about the enforcement of “HTTPS EVERYWHERE”, free DV certs and the browser padlock. Please assume that I support all of these things. My article covers controversial opinions about the...

Read More

Why Are You Removing Website Identity, Google and Mozilla?

Posted by on August 27, 2019 in Blog | 0 comments

You can’t have consumer privacy without having strong website identity Today there’s a huge wave toward protecting consumer privacy – in Congress, with the GDPR, etc. – but how can we protect user privacy on the web without establishing the identity of the websites that are asking for consumer passwords and credit card numbers? Extended Validation (EV) certificates provide this information and can be very useful for consumers. Recently, Google and Mozilla have announced plan to eliminate the distinctive indicators in the Chrome and Firefox browsers that let consumers know that they are...

Read More

9 Common Myths About CAs

Posted by on August 1, 2019 in Blog | 0 comments

Over the years misconceptions about CAs and the SSL infrastructure have arisen. Below is a list of common myths related to SSL and CAs. Myth #1: CAs are not regulated Fact: CAs are subject to various checks and balances, including third-party qualified audits through WebTrust or ETSI and strict criteria set forth by leading browsers, before they are accepted in browser root stores. Similarly, the CA/Browser Forum’s Baseline Requirements and Network Security Guidelines establish global standards for certificate issuance and CA controls that will soon be included in third-party auditing...

Read More

The Advantages of Short-Lived SSL Certificates for the Enterprise

Posted by on July 18, 2019 in Blog | 0 comments

Short validity period certificates are becoming ever more common to reduce the scope of data compromised if a server vulnerability is uncovered, such as HeartBleed.  Good security practice dictates changing keys on a regular basis, normally annually, but if you want to limit your exposure further, you can replace your certificates and underlying keys more frequently. Sandstorm is an open source server software that makes it easy to install web apps. In order to solve the problem of setting up DNS without too much complication, Sandstorm announced the release of Sandcats.io. Sandcats.io is a...

Read More

What Are Subordinate CAs and Why Would You Want Your Own?

Posted by on June 26, 2019 in Blog | 0 comments

Digital certificate and PKI adoption has changed quite a bit in recent years. Gone are the days where certificates were only synonymous with SSL/TLS; compliance drivers like stronger authentication requirements and digital signature regulations (e.g. eIDAS) have greatly expanded the role of PKI within the enterprise. As PKI usage has expanded, conversation has moved beyond just the number and type of certificates needed and onto deeper dialogue about custom PKI deployments. A large part of the conversation is around subordinate CAs, sometimes referred to as Issuing or Intermediate CAs, and...

Read More