New Window of Opportunity
CASCouncil
NIST 2013- Certificate Transparency- A Certification Authority's Perspective
1.
New Window of Opportunity: Certificate Transparency - A Certification Authority’s Perspective
Ben Wilson, SVP DigiCert
Ben_at_digicert_dot_com
www.digicert.com
+1 (801) 877-2100
2.
Introduction
• Goals of Certificate Transparency:
  – Provide insight into issued SSL certificates
  – Provide better remediation services
  – Ensure CAs are aware of what they issue
• DigiCert supports the concept of transparent certificate practices and certificate logging:
  – Voiced our support of transparency early on
  – Already accessing Google’s log server
• Some outstanding areas require discussion prior to advocating industry-wide implementation
©DigiCert, Inc. 2013. All Rights Reserved April 2013
3.
Issuance Flow
[Figure: issuance flow diagram]
4.
Transparency
• Benefits
  – Fast detection = better mitigation
  – Greater visibility = better accountability for domain owners
  – Visible trust in operations = increased trust for CAs
  – Greater opportunity for discussion on certificates = improvement in Internet security
• Security
  – Enables detection of problem and mis-issued certificates
  – Necessary for adequate remediation
5.
Public Logging
• Public logging was discussed previously in CA/B Forum
  – Action by a browser was needed to make it happen
• Public log shines a light on CAs
• Public log provides mitigation
  – All of the incidents could have been more quickly detected and remediated with CT
• Public log helps researchers
• Public log is detection in security
  – Baseline requirements is prevention
  – Revocation is remediation
6.
Security Improvement
• Raises awareness of practices
  – Allows broader observation of a CA’s practices
  – Allows domain owners to identify illegitimate use of domain names (Early Warning System)
• Exposes weak points/players in ecosystem
  – Enables research to identify improvement areas
• Enables trust decisions for domain owners
  – Self-regulating mechanism for the market
7.
Other Benefits
• Backward compatible
• Driving towards implementation
• Expands the existing system
  – SSL has a proven track record
  – Lots of institutional knowledge
  – Increasingly stringent standards
• Avoids “unintended consequences” of new technology
• Deployed by CAs and Browsers
  – Web site operator participation is not required
8.
Implementation
• Obtained REST JSON API from Google (URL reference)
• Identified log servers
  – No new infrastructure
• Updated our issuance code to communicate with log server
• Created code to verify signed proof on response before embedding into certificate
• Modified our certificate profile
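The "verify signed proof on response before embedding" step from this slide, sketched in Go as an added example; it is not DigiCert's or Google's code. It assumes the RFC 6962 layout for the log's JSON reply and for the signed precertificate structure, an ECDSA P-256 log key, and constructed issuer-hash and TBSCertificate bytes with a throwaway key standing in for a real log; the length of the returned SCT is the per-proof size cost raised under "Remaining Questions from CAs".

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// logResponse is the JSON reply to add-pre-chain (RFC 6962 section 4.2); base64 fields decode to []byte.
type logResponse struct {
	SCTVersion uint8  `json:"sct_version"`
	ID         []byte `json:"id"`         // SHA-256 of the log's public key
	Timestamp  uint64 `json:"timestamp"`  // milliseconds since the epoch
	Extensions []byte `json:"extensions"` // normally empty
	Signature  []byte `json:"signature"`  // TLS DigitallySigned structure
}

// be encodes v as an n-byte big-endian integer, as TLS structures do.
func be(v uint64, n int) (out []byte) {
	for i := n - 1; i >= 0; i-- {
		out = append(out, byte(v>>(8*uint(i))))
	}
	return
}

// signedData rebuilds the bytes the log signed for a precert_entry (RFC 6962 section 3.2).
func signedData(ts uint64, ikh [32]byte, tbs, ext []byte) []byte {
	b := append([]byte{0, 0}, be(ts, 8)...)                   // v1, certificate_timestamp, timestamp
	b = append(append(b, 0, 1), ikh[:]...)                    // precert_entry, issuer_key_hash
	b = append(append(b, be(uint64(len(tbs)), 3)...), tbs...) // uint24 length, TBSCertificate
	return append(append(b, be(uint64(len(ext)), 2)...), ext...)
}

// VerifySCT checks the log's reply against the expected log key and returns the serialized SCT.
func VerifySCT(respJSON []byte, logKey *ecdsa.PublicKey, ikh [32]byte, tbs []byte) ([]byte, error) {
	var r logResponse
	if err := json.Unmarshal(respJSON, &r); err != nil || r.SCTVersion != 0 {
		return nil, errors.New("malformed or unsupported log response")
	}
	spki, _ := x509.MarshalPKIXPublicKey(logKey)
	if want := sha256.Sum256(spki); !bytes.Equal(r.ID, want[:]) {
		return nil, errors.New("SCT comes from a different log than expected")
	}
	// DigitallySigned: hash sha256(4), signature ecdsa(3), uint16 length, DER signature.
	ds := r.Signature
	if len(ds) < 4 || ds[0] != 4 || ds[1] != 3 || int(ds[2])<<8|int(ds[3]) != len(ds)-4 {
		return nil, errors.New("unexpected signature algorithm or length")
	}
	digest := sha256.Sum256(signedData(r.Timestamp, ikh, tbs, r.Extensions))
	if !ecdsa.VerifyASN1(logKey, digest[:], ds[4:]) {
		return nil, errors.New("SCT signature does not verify")
	}
	// Serialized SCT for the certificate: version, log id, timestamp, extensions, signature.
	sct := append([]byte{0}, r.ID...)
	sct = append(append(sct, be(r.Timestamp, 8)...), be(uint64(len(r.Extensions)), 2)...)
	return append(append(sct, r.Extensions...), ds...), nil
}

// sampleLog plays the log's side with a throwaway key (constructed data, not a real log).
func sampleLog(ts uint64, ikh [32]byte, tbs []byte) (*ecdsa.PublicKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := sha256.Sum256(signedData(ts, ikh, tbs, nil))
	sig, _ := ecdsa.SignASN1(rand.Reader, key, digest[:])
	spki, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	id := sha256.Sum256(spki)
	ds := append([]byte{4, 3}, append(be(uint64(len(sig)), 2), sig...)...)
	out, _ := json.Marshal(logResponse{0, id[:], ts, []byte{}, ds})
	return &key.PublicKey, out
}

func main() {
	ikh, tbs := sha256.Sum256([]byte("constructed issuer key")), []byte("constructed TBSCertificate")
	pub, resp := sampleLog(1365000000000, ikh, tbs)
	sct, err := VerifySCT(resp, pub, ikh, tbs)
	fmt.Println("bytes added per proof:", len(sct), "error:", err)
	_, err = VerifySCT(resp, pub, ikh, append(tbs, 'x'))
	fmt.Println("after altering the certificate:", err)
}
```

A reply that fails any of these checks should stop issuance rather than be embedded, since a client that validates the proof would reject the resulting certificate.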
9.
Remaining Questions from CAs
• Number of Proofs
  – Each proof increases certificate size
  – Increased certificate size hampers performance
• Privacy, competitive business considerations
• Level playing field requirement for all CAs
• Exemptions for internal certificates
• Log accessibility and resiliency of deployment
10.
Log Server Considerations
• Model implementation provided by Google
  – Uses SQLite for log tree storage
  – Which CAs can add to a log?
  – What will be considered a trusted log?
• Security policy for trusted log operation is needed
  – Identify desired uptime and performance objectives
  – Scope broad enough to include entire system (e.g. mitigating disruption due to log compromises)
  – Perform risk assessment and adopt controls
  – Policy adoption process needs to be quick / efficient
11.
Conclusion
DigiCert supports Certificate Transparency because it
  – Addresses vulnerabilities in the current trust model
  – Creates transparency and accountability that will lead to prevention and early detection of mis-issuances
  – Is based on existing technologies that are easily supported with industry coordination
  – Enhances existing self-regulating mechanisms by leveraging an existing, refined and time-tested CA trust-anchor system while avoiding the “unintended consequences” of new technology in unfamiliar space