The way Firefox caches intermediate CA certificates could allow for the fingerprinting of users and the leakage of browsing details, a researcher warns.
Google said that more than half of pageloads on Chrome across platforms are encrypted; Android as the lone laggard, but trending upward.
Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017.
Apple said over the weekend it would soon distrust certificates issued by WoSign’s Free SSL Certificate G2 intermediate CA on macOS.
Amazon’s new Certificate Manager is providing SSL certificates for free to AWS customers but experts warn it’s only a matter of time before they’re exploited.
Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses.
Let’s Encrypt hit a milestone last night when it received the cross-signatures necessary to render its beta-and free-certificates trusted by all browsers.
A high-severity bug in OpenSSL was disclosed today, and it affects only organizations that installed an update released in June, and allows anyone with an untrusted TLS certificate to become a CA.
Mozilla is removing a Turkish root CA from the Firefox trust store, not because of a compromise or a mistakenly issued certificate, but because the certificate authority hasn’t lived up to the audit requirements Mozilla has for trusted CAs. Like other browser vendors, Mozilla has a lengthy policy that sets out the requirements for CAs to […]
It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and […]