Assessing the London Protocol

The London Protocol was originally proposed as a potential joint effort by CA Security Council members to combat phishing. All large commercial CAs revoke certificates for phishing websites when they are brought to their attention, but they do not proactively monitor their customers sites, and generally do not share information about misuse of certificates with […]

Deprecating TLS 1.0 & 1.1

There are currently three versions of the TLS protocol in use today: TLS 1.0, 1.1, and 1.2. TLS 1.0 was released in 1999, making it a nearly two-decade-old protocol. It has been known to be vulnerable to attacks—such as BEAST and POODLE—for years, in addition to supporting weak cryptography, which doesn’t keep modern-day connections sufficiently […]

HTTPS-Only Features in Major Browsers

You may not know this little fact: certain browser features require HTTPS to work. Features like getting a user’s location, accessing their microphone, or storing data locally on their device, all require that your website supports HTTPS. We often talk about the benefits to the user experience and website reputation by adopting HTTPS, but being […]

Prepare Now for General Data Protection Regulation or Be Ready to Pay Fines

The new European Union General Data Protection Regulation (GDPR) deadline is May 25, 2018, and despite that date quickly approaching, research shows many companies still aren’t ready. If they remain non-compliant, companies will face a fine up to 4 percent of annual turnover or €20 million (whichever is greater) per breach or issue related to […]

How to Build a PKI That Scales: Hosted vs. Internal [SME Interview]

In our previous interview with Darin Andrew, Senior PKI Architect at DigiCert, we discussed the differences between public and private PKI. We established that most enterprises use a hybrid PKI solution. That said, you have two options for implementing your private PKI: (1) use a hosted solution from a certificate authority (CA) or (2) build […]

Page 1 of 612345...Last »