Certification Authority Authorization Checking: What is it, and Why Does it Matter?

The Public Key Infrastructure (PKI) ecosystem relies on root certificates issued by various certificate authorities (CAs) like DigiCert. This is what browsers use to decide which websites can be trusted and which ones can’t. But if any CA can issue a TLS/SSL certificate for any domain, certificate issuance could happen without the knowledge of website […]

Scaling CT Logs: Temporal Sharding

Our industry is moving toward universal support for Certificate Transparency (CT), one of the largest improvements to trust and security for the Web PKI system and SSL certificates in years. Later this month, CT will effectively become an industry-wide mandate when Google Chrome starts requiring it for all new publicly trusted SSL certificates. Already, hundreds […]