The SSL protocol is stronger now than ever, because of the number of researchers assessing it and the improvements that have been made.
What’s important is that we’re evolving, and we have a better unity than ever before in focusing on efforts that will earn the trust we seek from our customers and all users and improve internet security.
Increased threats towards CAs from sophisticated hacker networks, global cybercriminal organizations and state-sponsored espionage.
Pressure for global and increasingly tough standards - CA/B Forum, Network Security Guidelines.
Great need for research and education to help people better understand how to use SSL to its maximum benefit. There needs to be a leader, and it can’t be just one CA; it must be a unified group.
The CASC’s mission is to advance internet security by promoting deployments and enhancements to publicly trusted certificates and through public education, collaboration, and advocacy.
Promotion of best practices that advance trusted SSL deployment and CA operations as well as the security of the internet in general. The CASC strives for the adoption of digital certificate best practices and the proper issuance and use of digital certificates by CAs, browsers, and other interested parties. While not a standards-setting organization, the CASC works collaboratively to improve understanding of critical policies and their potential impact on the internet infrastructure.
What’s important is for people to realize that we as CAs can do more to improve SSL security, but not alone. Browsers, software vendors, web server administrators, even end users can contribute by getting educated about the key factors and working together to value security.
The CASC works actively with browsers, relying parties and other stakeholders to enhance internet security through practical, thoughtful measures and collaborative research. In addition, the CASC supports the efforts of the CA/Browser Forum and other standards-setting bodies in their important work, and will continue to help develop reasonable and practical enhancements that improve trusted Secure Sockets Layer (SSL) and Certificate Authority (CA) operations.
Coinciding with its launch, the CASC is announcing the first of a planned series of educational and advocacy efforts related to best practices in SSL deployment with a focus on the importance of online certificate status checking and revocation.
Specifically, the CASC will highlight the benefits of OCSP stapling for web server administrators, software vendors, browser makers, and end-users through blog posts, conference presentations and other resources.
Six Reasons http Will Become a Thing of the Past
Reason #1: Browsers Will Warn Users of Non-HTTPS Connections
Chrome plans to warn users when pages are insecure (non-https), and will warn if an insecure page asks for a password or credit card with words “Not Secure”
Firefox plans a similar warning for sites requiring passwords and credit cards
Both will transition to a more noticeable red triangle
When passwords are requested over http:
Chrome to Present Similar Warnings
Treatment of HTTP pages with password or credit card form fields:
Current (Chrome 53) login.example.com
Jan. 2017 (Chrome 56) login.example.com Not secure
Reason #2: Powerful Features Only on HTTPS
Reason #3: HTTP2 Over HTTPS Only
Chrome, Firefox, IE, Edge, Safari, Opera test comparison
[Figure: test comparison charts; axes: Latency (in milliseconds), LoadTime (in seconds)]
Reason #4: Improved Referrer Data
Use HTTPS for your own site and improve your referrer
Reason #5: GMAIL Showing
SMTP TLS Connection GUI in gmail
Use publicly trusted certs for mail servers
NO ENCRYPTION WITH
of mail servers don’t have a publicly trusted SSL cert yet, according
Reason #6: HTTPS is Coming to a Domain Near You
46% Participate in the
OUT OF 1166
As of 10/17/16
What Do These Mean?
Symbols That Are Consistent, Universal, Global, No Learning Curve!
Certificate usage will continue to grow 6.5 to 7.5M in 12 months
Fueled by https initiatives (search ranks, powerful features, negative browser UI)
SNI servers will show
SHA-1 usage will
(and so will XP!)
Phishing using DV certs will continue to increase
Chrome will be on the bleeding edge of changes
IPv6 will finally be adopted for CRL and