-
Listen Now
EPISODE 56
Broadcast Date:
December 9, 201923 minutes
Podcast Dec 09, 2019Root Causes 56: 2019 Lookback - Evolving Cryptography
2019 saw important changes in the world's cryptographic standards. Join our hosts as they talk about what 2020 may hold in terms of evolving cryptography.
-
Listen Now
EPISODE 45
Broadcast Date:
October 17, 201923 minutes
Podcast Oct 17, 2019Root Causes 45: What Is the CA/Browser Forum?
SSL certificate practices are governed by the rules of the CA/Browser Forum; what is this forum, who is in it, and where does it get its authority?
-
Blog Post Sep 03, 2019
Sectigo Votes in Favor of One-Year SSL Certificate Term Limit
After careful consideration, Sectigo has decided to vote in favor of CA/Browser Forum (CABF) ballot SC22, which seeks to limit the allowed duration of TLS / SSL certificates to 397 days, or about thirteen months. It is a complex issue with pros and cons for both outcomes. This post will spell out our reasons for voting as we have.
-
Listen Now
EPISODE 33
Broadcast Date:
August 18, 201917 minutes
Podcast Aug 18, 2019Root Causes 33: Prepare for One-Year Limits on SSL Certificates
A proposed CA/Browser Forum ballot stands to limit SSL certificates to 13 months. Learn what such a change might mean to IT professionals everywhere.
-
Blog Post Aug 14, 2019
Be Prepared for One-Year SSL Certificate Duration
A recent CA/Browser Forum ballot sponsored by Google stands to limit SSL certificate lifespans to 397 days starting in March 2020. Should this pass, organizations using two-year SSL certificates will need to change their practices to only one-year certificates moving forward. Fortunately, automation options are available.
-
Listen Now
EPISODE 24
Broadcast Date:
June 27, 201916 minutes
Podcast Jun 27, 2019Root Causes 24: Certificate Revocation
Certificate revocation is an essential part of the certificate lifecycle. Join our hosts as they discuss revocation by the CA, code signing, and malware.
-
Listen Now
EPISODE 19
Broadcast Date:
May 29, 201914 minutes
Podcast May 29, 2019Root Causes 19: Death of a Public CA
Mozilla has decided to remove a public CA from its trusted root store, rendering public certificates from this CA valueless for almost all use cases.
-
Blog Post Mar 26, 2019
Why CAs Charge More for Extended Validation SSL
Extended Validation (EV) SSL certificates are one of three standard SSL certificate types issued by Certificate Authorities: DV, OV, and EV. What makes EV certificates different from the others is that they provide the highest assurance that the domain is NOT associated with a bad actor. When users see a company-branded address bar next to the URL, they can know that they are on a trusted domain.
So is an EV SSL certificate right for you? In order to determine this, it’s important to understand why the cost is higher than other certificate options, the unique value it provides, and how the issuance process works.
-
Listen Now
EPISODE 09
Broadcast Date:
March 25, 201915 minutes
Podcast Mar 25, 2019Root Causes 09: 63-bit Serial Numbers
A recently discovered flaw in common practices reveals that potentially millions of active SSL certificates fall short of cryptographic requirements.
-
Learn More
All Sectigo Public Certificates Meet 64-Bit Serial Number Requirements
Blog Post from Sectigo
Blog Post Mar 13, 2019Industry PKI experts recently have discovered a flaw in certificate generation practices that employ the commonly used EJBCA CA tool, which can result in serial numbers with 63 bits of entropy as opposed to the 64 bits required by public certificate guidelines. News reports indicate that several certificate issuers are affected. We would like to clarify that NO active public certificates from Sectigo are subject to this flaw.
-
Learn More
Will the Imminent Death of Microsoft Edge Lead to an Insecure...
News Article from Sectigo
News Article Dec 07, 2018Reports are starting to emerge that Microsoft is to stop developing Microsoft Edge after three pretty unimpressive years and instead replace it with a Chromium-based browser. Codename Anaheim, this new browser is said be slated to replace Edge in Windows 10 although it's not clear if the Edge name will remain.
-
Learn More
Changes Coming to Comodo CA Certificate Lifetime Policies
Blog Post from Sectigo
Blog Post Jan 17, 2018Beginning March 1, 2018, Comodo CA will reduce the maximum lifetime for all SSL (TLS) certificates to a maximum of 825 days, or just over 27-months. This timeline is down from the current term of 39-months, meaning the maximum validity for an SSL certificate will be two years. Three-year certificates will be removed as options from our retail website, API’s and provisioning portals.
