Mozilla has started 2018 off with a major announcement: “Effective immediately, all new features that are web-exposed are to be restricted to secure contexts.” “Web-exposed” means any features accessible from a web page or web server. This applies to new APIs, such as WebVR, a major addition Mozilla has been working on for some time. […]
Starting February 1, 2018 DigiCert will submit all newly issued and publicly trusted SSL certificates to Certificate Transparency (CT) logs by default. In the interest of improving our customer’s security and encouraging adoption, we are making this change ahead of Google’s industry-wide requirement that goes into effect in April 2018. CT logging has only been required […]
You may not know this little fact: certain browser features require HTTPS to work. Features like getting a user’s location, accessing their microphone, or storing data locally on their device, all require that your website supports HTTPS. We often talk about the benefits to the user experience and website reputation by adopting HTTPS, but being […]
Jeremy Rowley, EVP of Product at DigiCert, answers common questions about how customers can maintain trust in their Symantec-issued certificates. With DigiCert’s acquisition of Symantec Website Security, there has been some misinformation in the market about how the browser timeline affects Symantec-issued certificates. After reading this, you will have a clear understanding of what the […]
Earlier this year at its Worldwide Developer Conference (WWDC), Apple announced Safari 11 and gave audiences a preview of the new features for the browser, including a redesigned error pages for SSL certificate warnings. Safari 11 was officially released last week for macOS and ships with the latest version, High Sierra. The new certificate warning […]
We expect the new CAA requirement to have a small impact on the security and complexity of the web, but we are happy it is an improvement with a low-cost process.
Earlier this year, both Google and Mozilla released versions of Chrome and Firefox with changes to their security indicators and updates for the SHA-1 deprecation. Both browsers feel that these changes will simultaneously help users recognize the risks of entering unsecure HTTP sites and urge site owners to upgrade to secure HTTPS connections. Chrome In […]
Google’s browser will explicitly state HTTP-connected sites are not secure in January 2017.
Google’s Chrome Connection Tab, security icons, and information were confusing for users and too basic for developers; now it is the Chrome Security Panel.