Tag: certificates

  • SSL/TLS Certificate lifetime redux

    SSL/TLS Certificate lifetime redux

    I wrote an article in 2020 about SSL/TLS Certificate lifetimes, the upshot of which was that the certificate/browser industry had just moved to 1yr (398 days to be precise) certificate expiries. I noted the following: There have been a number of attempts over the years to reduce the lifetime of certificates as they apply to…

  • SSL/TLS Certificate lifetime

    SSL/TLS Certificate lifetime

    The SSL/TLS certificate revocation system (CRL and OCSP) is broken. This is a fact known for a long time by the whole certificate industry. Long-lived certificates that have issues (eg. a certificate that was fraudulently issued), hang around on the Internet for extended periods (currently up to 3 years) potentially causing security and authenticity issues.…

  • Symantec, Google and the SSL Monkey

    Symantec, Google and the SSL Monkey

    Some education first PKI or Public Key Infrastructure is a technology that allows website visitors to trust SSL certificates presented by SSL encrypted websites. An example is when you visit your Internet Banking website – you can verify the authenticity of the site by checking the SSL Certificate of the site ( ie. clicking on…