Watch Out

What Your Browser Doesn’t Tell You Can Hurt You – Revocation and Internet Explorer

One of the topics I have been using as an example of revocation checking behavior in my PKI In-Depth class is the interesting case of Internet Explorer (IE) and its revocation behavior. Let’s take a moment and have you think about your assumption of how IE is behaving when you go to a HTTPS (SSL/TLS)…

Read More

Certificate Transparency Enforcement and Microsoft CAs – Oct 2017 Deadline

To address some weaknesses in the public PKI trust process, Certificate Transparency¬†(CT) was created to make it easier to detect and track fraudulent certificate issuance and use. The intent is that a small collection of log servers would contain information about valid certificates and browsers can check the log to see if a given certificate…

Read More

Goodbye MD5 – Sooner Than You Think!

If you recall, last year Microsoft took a small step to increase the security of enterprises by following industry standards that weaker/shorter keylengths were no longer viable for production use. Microsoft did this with KB 2661254 which prevented Windows operating systems from validating certificates with key lengths shorter than 1024. Recently, Microsoft announced Security Advisory…

Read More