New Standard For Issuance of SSL/TLS Certificates

Posted by Soulskill on Friday December 16, 2011 @10:08AM from the new-model-new-flaws dept.

wiredmikey writes "In light of the many security breaches and incidents that have undermined the faith the IT industry has in Certificate Authorities (CAs) and their wares, the CA/Browser Forum, an organization of leading CAs and other software vendors, has released the 'Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates,' an industry-wide baseline standard for the operation of CAs issuing SSL/TLS digital certificates natively trusted by the browser. The CA/Browser Forum is requesting Web browser and operating system vendors adopt the requirements (PDF) as part of their conditions to distribute CA root certificates in their software. According to the forum, the Baseline Requirements are based on best practices from across the SSL/TLS sector and touch on a number of subjects, such as the verification of identity, certificate content and profiles, CA security and revocation mechanisms. The requirements become effective July 1, 2012, and will continue to evolve to address new risks and threats."

1 of 62 comments (clear)

Min score:

Reason:

Sort:

Or by Spad · 2011-12-16 10:14 · Score: 5, Insightful

In other news: Certificate Authorities who were already half-assing their verification processes, hiding their security breaches and not bothering to secure their internet-facing phpmyadmin installs will continue to do exactly that under the new regime right up to the point that they get caught, just like now.