Sectigo Blog

Spoof is a technical term in the IT security world. But it has meaning in our daily lives as well, which can color our thinking about security matters.

The Root Causes podcast explores the important issues behind today’s world of PKI, online trust, and digital certificates. As part of our series on quantum-resistant cryptography hosts Jason Soroko (CTO of IoT, Sectigo) and Tim Callan (Senior Fellow, Sectigo) show us how to calculate the time needed to swap out to a quantum-resistant cryptographic foundation for digital interactions and explore whether or not we will get there in time.

After careful consideration, Sectigo has decided to vote in favor of CA/Browser Forum (CABF) ballot SC22, which seeks to limit the allowed duration of TLS certificates to 397 days, or about thirteen months. It is a complex issue with pros and cons for both outcomes. This post will spell out our reasons for voting as we have.

Last week, representatives of CertCenter AG, namely Andreas Mallek (CEO), Carsten Müller(CEO) and Federico Reimers (Head of Marketing and Sales), traveled from Germany to meet with us at our headquarters in New Jersey. The representatives came to provide our management team with a closer look at the DACH market.

On July 30^th, the U.S. Department of Homeland Security's CISA issued a security alert warning aircraft owners about vulnerabilities that can be exploited to alter the telemetry. It’s critical for OEMs, their supply chains, and enterprises to include–and continuously fortify–security and identity management at the device level.

The week before last, very quickly and without advance warning, Mozilla announced that it would remove the Extended Validation SSL certificate indicator from its upcoming build 70. This announcement spawned a very lively debate that is still going on. Below is my response to the thread, explaining why I believe it to be ill- considered and detrimental to overall internet security.

The Root Causes podcast explores the important issues behind today’s world of PKI, online trust, and digital certificates. The world recently witnessed the previously unprecedented strategy of a government attempting to force its own trusted root on its citizens for surveillance purposes. In this episode hosts Jason Soroko (CTO of IoT, Sectigo) and Tim Callan (Senior Fellow, Sectigo) discuss this action, its dangers, and some of the potential pitfalls in blocking it.