-
Podcast Apr 11, 2024
Root Causes 377: Is CPS/Issuance Misalignment a Revocation Event?
If you issue public certificates that are fully compliant except they don't reflect what your CPS says, are they misissued? Do they require revocation?
-
Podcast Jun 23, 2023
Root Causes 313: SSL Revocation Reason Codes
We explain the allowed public SSL revocation reason codes, along with some explicitly forbidden reason codes and the backstory behind them.
-
Podcast Jan 27, 2023
Root Causes 272: OCSP's Privacy Problem
Concerns recently have been raised about OCSP real-time certificate checking and its potential to violate privacy.
-
Podcast Mar 19, 2021
Root Causes 157: New Revocation Research
Research of public revocation information examines revocation behavior from public CAs. Listen for the main takeaways and "revocation transparency."
-
Podcast Nov 30, 2020
Root Causes 131: Apple OCSP Slowdown Explained
Apple's Big Sur OS rollout drove a slowdown in the company's OCSP responders, affecting all Apple operating systems. We explain what happened and why.
-
Podcast Jul 14, 2020
Root Causes 106: Massive Intermediate Certificate Distrust on the Way
14 public CAs have to revoke intermediates and destroy their keys, putting millions of active SSL, S/MIME, and other public certificates at risk.
-
Blog Post Jul 02, 2020
Google has identified intermediate certificates from public CAs that violate CABF Baseline Requirements and pose a security risk. Sectigo is unaffected.
-
Podcast May 26, 2020
Root Causes 94: Revocation Checking Through OCSP and CRL
One essential portion of the certificate lifecycle is the ability to revoke certificates. Public SSL certificates use a pair of mechanisms to communicate this revocation status to client machines, CRL and OCSP. In this episode we explain how these mechanisms work and some of their strengths and challenges.
-
Podcast Jun 27, 2019
Root Causes 24: Certificate Revocation
Certificate revocation is an essential part of the certificate lifecycle. Join our hosts as they discuss revocation by the CA, code signing, and malware.
-
Blog Post Jun 04, 2019
Why Sectigo revokes certificates used to sign malware, the process, the impact on legitimate businesses using the certificates, and the tradeoffs CAs face.
-
News Article May 25, 2019
Following Chronicle’s study of signed malware registered on the VirusTotal scanning service over a one-year period, Sectigo carried out its own investigation to identify abused certificates and revoke them.
-
Blog Post May 24, 2019
Recent reports of Comodo / Sectigo Code Signing certificates used for malware contain numbers that are difficult to understand and may lead to false conclusions. In this post we clarify the numbers behind the reported malware signing.