Wednesday, 1 February 2012

A New Industry Standard For Issuing And Managing SSL Certificates

The security of SSL Certificates was under much scrutiny last year after high profile security breaches of Certificate Authorities resulted in the bankruptcy of Dutch Certificate Authority Diginotar, while the large European Certificate Authority GlobalSign had to stop issuing SSL Certificates while they investigated whether a breach of their security structure resulted in rogue SSL Certificates being issued.

In order to address concerns about the trustworthiness of SSL Certificates and to ensure that users are informed when relying on SSL Certificates The First Industry Standard For Issuing And Managing SSL Certificates has been released to come into effect on 01 July 2012.

The voluntary Baseline Requirements For Issuing And Managing Publicly Trusted Certificates released by the CA/Browser Forum - an international consortium of Certificate Authorities, suppliers of Internet Browser software and other relying-party software vendors - was developed over the last few years with the input of over fifty internet related companies, including the AICPA/CICA WebTrust for Certification Authorities Task Force and ETSI ESI.

The new guideline addresses issues such as CA security, privacy and confidentiality, best practices for verification of identity, right of use, accuracy of information, SSL Certificate revocation procedures, audit requirements and SSL encryption algorithms. While not currently mandatory the CAs responsible for the issuance of 94% of SSL Certificates issued worldwide, have already pledged to adoption of the guidelines.

Given the vast array of software that uses SSL Certificates and millions of websites that depend on these certificates for economic survival, the development and implementation of these technical requirements is a great move for the SSL Certificate industry - not only improving the accountability and reliability of SSL Certificate providers but primarily benefiting the security and privacy of the end user.



Trustico only supplies the Highest Quality SSL Certificates From Symantec. Symantec is an industry leader setting the highest standards for internet security, a proactive and innovative force in the fight against cybercrime and a member of the CA/Browser Forum.

No comments:

Post a Comment