-
Podcast May 10, 2024
Root Causes 385: Failed Revocation and Wildcard Certificates
We discuss misuse of wildcard certificates, failure to revoke on time, and how these two failures magnify each other.
-
Podcast May 02, 2024
Root Causes 383: Delayed Revocation Events by the Numbers
An epidemic of delayed revocations has infected the public CA community. We track delayed revocations since the beginning of 2021 and discuss root causes.
-
Blog Post Apr 29, 2024
Digital certificates drive security. Lifecycle management, including revocation, prevents vulnerabilities. Understand its purpose and importance.
-
Podcast Apr 11, 2024
Root Causes 377: Is CPS/Issuance Misalignment a Revocation Event?
If you issue public certificates that are fully compliant except they don't reflect what your CPS says, are they misissued? Do they require revocation?
-
Podcast Jun 23, 2023
Root Causes 313: SSL Revocation Reason Codes
We explain the allowed public SSL revocation reason codes, along with some explicitly forbidden reason codes and the backstory behind them.
-
Podcast Jan 27, 2023
Root Causes 272: OCSP's Privacy Problem
Concerns recently have been raised about OCSP real-time certificate checking and its potential to violate privacy.
-
Podcast Mar 19, 2021
Root Causes 157: New Revocation Research
Research of public revocation information examines revocation behavior from public CAs. Listen for the main takeaways and "revocation transparency."
-
Podcast Nov 30, 2020
Root Causes 131: Apple OCSP Slowdown Explained
Apple's Big Sur OS rollout drove a slowdown in the company's OCSP responders, affecting all Apple operating systems. We explain what happened and why.
-
Podcast Jul 14, 2020
Root Causes 106: Massive Intermediate Certificate Distrust on the Way
14 public CAs have to revoke intermediates and destroy their keys, putting millions of active SSL, S/MIME, and other public certificates at risk.
-
Blog Post Jul 02, 2020
Google has identified intermediate certificates from public CAs that violate CABF Baseline Requirements and pose security risk. Sectigo is unaffected.
-
Podcast May 26, 2020
Root Causes 94: Revocation Checking Through OCSP and CRL
One essential portion of the certificate lifecycle is the ability to revoke certificates. Public SSL certificates use a pair of mechanisms to communicate this revocation status to client machines, CRL and OCSP. In this episode we explain how these mechanisms work and some of their strengths and challenges.
-
Podcast Jun 27, 2019
Root Causes 24: Certificate Revocation
Certificate revocation is an essential part of the certificate lifecycle. Join our hosts as they discuss revocation by the CA, code signing, and malware.