-
Listen Now
EPISODE 416
Broadcast Date:
August 30, 202423 minutes
Podcast Aug 30, 2024Root Causes 416: Subscriber Restraining Order Prevents Revocation
An enterprise SSL subscriber recently used a Temporary Restraining Order to prevent the proper revocation of misissued certificates. We explain.
-
Listen Now
EPISODE 414
Broadcast Date:
August 23, 202412 minutes
Podcast Aug 23, 2024Root Causes 414: What Are the Revocation Periods for Public Certs?
We detail mandatory revocation periods for leaf certificates and intermediates and explain when a 24-hour versus a 120-hour revocation deadline applies.
-
Listen Now
EPISODE 385
Broadcast Date:
May 10, 202412 minutes
Podcast May 10, 2024Root Causes 385: Failed Revocation and Wildcard Certificates
We discuss misuse of wildcard certificates, failure to revoke on time, and how these two failures magnify each other.
-
Listen Now
EPISODE 383
Broadcast Date:
May 2, 202425 minutes
Podcast May 02, 2024Root Causes 383: Delayed Revocation Events by the Numbers
An epidemic of delayed revocations has infected the public CA community. We track delayed revocations since the beginning of 2021 and discuss root causes.
-
Learn More
What is certificate revocation & when should an SSL cert be revoked?
Blog Post from Sectigo
Blog Post Apr 29, 2024Digital certificates drive security. Lifecycle management, including revocation, prevents vulnerabilities. Understand its purpose and importance.
-
Listen Now
EPISODE 377
Broadcast Date:
April 11, 202417 minutes
Podcast Apr 11, 2024Root Causes 377: Is CPS/Issuance Misalignment a Revocation Event?
If you issue public certificates that are fully compliant except they don't reflect what your CPS says, are they misissued? Do they require revocation?
-
Listen Now
EPISODE 313
Broadcast Date:
June 23, 202316 minutes
Podcast Jun 23, 2023Root Causes 313: SSL Revocation Reason Codes
We explain the allowed public SSL revocation reason codes, along with some explicitly forbidden reason codes and the backstory behind them.
-
Listen Now
EPISODE 272
Broadcast Date:
January 27, 202312 minutes
Podcast Jan 27, 2023Root Causes 272: OCSP's Privacy Problem
Concerns recently have been raised about OCSP real-time certificate checking and its potential to violate privacy.
-
Listen Now
EPISODE 157
Broadcast Date:
March 19, 202112 minutes
Podcast Mar 19, 2021Root Causes 157: New Revocation Research
Research of public revocation information examines revocation behavior from public CAs. Listen for the main takeaways and "revocation transparency."
-
Listen Now
EPISODE 131
Broadcast Date:
November 30, 202017 minutes
Podcast Nov 30, 2020Root Causes 131: Apple OCSP Slowdown Explained
Apple's Big Sur OS rollout drove a slowdown in the company's OCSP responders, affecting all Apple operating systems. We explain what happened and why.
-
Listen Now
EPISODE 106
Broadcast Date:
July 14, 202027 minutes
Podcast Jul 14, 2020Root Causes 106: Massive Intermediate Certificate Distrust on the Way
14 public CAs have to revoke intermediates and destroy their keys, putting millions of active SSL, S/MIME, and other public certificates at risk.
-
Learn More
Security Flaw to Force Revocation of Intermediates; Sectigo Unaffected
Blog Post from Sectigo
Blog Post Jul 02, 2020Google has identified intermediate certificates from public CAs that violate CABF Baseline Requirements and pose security risk. Sectigo is unaffected.