State of the Web

Please join the CASC for a Hangout covering the State of the Web. Topics covered:

The move to 2048-bit certificates
The move to SHA2
TLS 1.2
EV certificates
Revocation checking
Always on SSL
New gTLDs

Members from Comodo, DigiCert, Entrust, and GoDaddy.

Robin Alden - Comodo
Jeremy Rowley - DigiCert
Bruce Morton - Entrust
Wayne Thayer - Go Daddy
Rick Andrews - Symantec


  1. The State of the Web
     • Robin Alden, Rick Andrews, Bruce Morton, Jeremy Rowley, Wayne Thayer
  2. The Experts
     • Rick Andrews: Senior Technical Director, Symantec; CASC Member
     • Jeremy Rowley: General Counsel, DigiCert; CASC Member
     • Bruce Morton: Director, Certificate Services, Entrust; CASC Member
     • Robin Alden: Chief Technology Officer, Comodo; CASC Member
     • Wayne Thayer: Vice President & General Manager, Security Products, GoDaddy; CASC Member
  3. Join the Conversation #CASChangout
  4. About the CA Security Council
     • Comprised of 7 leading global Certificate Authorities
     • Committed to the exploration and promotion of best practices that advance trusted SSL deployment and CA operations
     • The CASC works collaboratively to improve understanding of critical policies and their potential impact on the internet infrastructure
  5. Topics
     • The move to 2048-bit certificates
     • The move to SHA2
     • TLS 1.2
     • EV certificates
     • Revocation checking
     • Always on SSL
     • PFS
     • New gTLDs
  6. The Move to 2048-bit Certificates
     • As computing power increases, companies must move to more secure keys
     • Minimum 2048-bit RSA or NIST Suite B ECC keys is recommended
     • Deadline – CAs to stop issuing SSL certificates with less than 2048-bit RSA as of January 1, 2014
  7. Who Recommends 2048?

     | Who | Reference |
     |---|---|
     | NIST | Special Report SP 800-57 – Recommendation for Key Management |
     | NIST | Special Report SP 800-131A – Transition of Algorithms and Key Lengths |
     | CA/Browser Forum | Extended Validation (EV) Guidelines |
     | CA/Browser Forum | Baseline Requirements |
     | Adobe | AATL requirements and CDS certificate policy |
     | Microsoft | Microsoft Root Certificate Program – Technical Requirements |
     | Mozilla | Mozilla CA Certificate Policy – CA:MD5 and 1024 |
  8. SHA-2: What and Why
     • SHA-2 is the next generation cryptographic hash suite that replaces SHA-1
     • Can’t continue to rely on strength of SHA-1

     | Algorithm and Variant | Output Size (bits) | Collisions found? | Performance (MiB/s) |
     |---|---|---|---|
     | MD5 | 128 | Yes | 335 |
     | SHA-0 | 160 | Yes | |
     | SHA-1 | 160 | Theoretical attack (2^60) | 192 |
     | SHA-2: SHA256/224 | 256/224 | No | 139 |
     | SHA-2: SHA512/384 | 512/384 | No | 154 |
  9. The Move to SHA-2
     • Expect a rapid migration to SHA-2
     • NIST required many applications in federal agencies to move to SHA-2 in 2010
     • Windows XP added SHA-2 in Service Pack 3
     • [Chart: "SHA-1 Collisions", cost in dollars for 2012, 2015, 2018 and 2021]
  10. Join the Conversation #CASChangout
  11. It’s Time for TLS 1.2
      • Gain resistance to the BEAST attack
      • Adds more secure cipher suites
      • Server configuration enhances SSL security
        – Major browsers now support TLS 1.2
        – You have to enable TLS 1.2
  12. EV Certificates
      • Purpose
        – Identity through the green bar
        – Instant reputation
      • Adoption
        – 20-30% growth in 2013 (Netcraft, OTA)
        – 3-9% adoption rate (Netcraft, SSL Labs)
      • Future
        – Increasing scope
        – Evolving standard
  13. Revocation Checking
      • CRL (Certificate Revocation List)
      • OCSP (Online Certificate Status Protocol)
        – OCSP Stapling
      • Browser revocation checking
  14. Join the Conversation #CASChangout
  15. Always On SSL
      • The 2 Big Myths of AOSSL
        – SSL is computationally expensive
        – The network latency of AOSSL will present inevitable performance degradation
      • What does AOSSL protect against?
      • How to make AOSSL work for you
  16. Perfect Forward Secrecy (PFS)
      • Stored SSL communications can be decrypted by attacking the server private key
      • Attacking keys can be done by compromise, subverted employees, government demand, …
      • PFS uses temporary individual keys for each session
      • PFS means that each temporary key would need to be attacked to decrypt all
  17. How do you do PFS?
      • Server must support Diffie-Hellman key exchange
      • Cipher suites DHE or ECDHE need to be supported:
        – TLS_ECDHE_RSA_WITH_RC4_128_SHA
        – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        – TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  18. New Generic Top-Level Domains (gTLD)
      • 1930 new gTLDs
      • ~70 approved so far
      • Collisions and certificates
        – SSAC and CAB Forum
        – 80% released, 20% held for evaluation, 2 on hold
      • Deprecation of internal server names
        – Fall 2015
        – Revoke certificates within 120 days of contract
  19. More Information
      • Learn more about Encryption at
      • Learn more about TLS 1.2
      • Learn more about EV Certificates
  20. Join the Conversation #CASChangout
  21. Contact Information
      • @CertCouncil
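
Slides 16 and 17 tie forward secrecy to DHE or ECDHE cipher suites. The following is an added example, not part of the CASC deck: it parses suite names, separates ephemeral from static key exchange, and shows that enabling ECDHE is not enough if a non-PFS suite sits higher in the server's order. The static RSA and static ECDH suite names, the client offer, and a server that enforces its own preference order are assumptions made for the illustration.

```python
# Added example (not from the CASC deck): which suite would a server select,
# and does the resulting session get forward secrecy?

# Only ephemeral key exchange gives PFS; static DH / ECDH reuse a long-term key.
EPHEMERAL_KX = {"DHE", "ECDHE"}

def parse_suite(name):
    """Split an IANA name such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"unexpected cipher suite name: {name!r}")
    left, right = name[4:].split("_WITH_", 1)
    kx, _, auth = left.partition("_")        # TLS_RSA_*: RSA does both jobs
    cipher, _, mac = right.rpartition("_")
    return {"name": name, "kx": kx, "auth": auth or kx, "cipher": cipher,
            "mac": mac, "forward_secret": kx in EPHEMERAL_KX}

def negotiate(server_pref, client_offer):
    """Assumption: the server enforces its own preference order."""
    offered = set(client_offer)
    return next((s for s in server_pref if s in offered), None)

def audit(server_pref, client_offer):
    """Report non-PFS suites left enabled and what this client would get."""
    parsed = {s: parse_suite(s) for s in server_pref}
    chosen = negotiate(server_pref, client_offer)
    return {
        "non_pfs_enabled": [s for s in server_pref
                            if not parsed[s]["forward_secret"]],
        "negotiated": chosen,
        "session_forward_secret":
            chosen is not None and parsed[chosen]["forward_secret"],
    }

# The four suites listed on slide 17.
SLIDE_SUITES = [
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
]
# Constructed inputs for the illustration (not from the deck).
STATIC_RSA = "TLS_RSA_WITH_AES_128_CBC_SHA"
STATIC_ECDH = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"
CLIENT_OFFER = [STATIC_RSA, SLIDE_SUITES[1], SLIDE_SUITES[2]]

if __name__ == "__main__":
    for label, pref in (("static RSA first", [STATIC_RSA] + SLIDE_SUITES),
                        ("ECDHE first", SLIDE_SUITES + [STATIC_RSA])):
        print(label, audit(pref, CLIENT_OFFER))
```

With the same suites enabled in both runs, only the ordering with ECDHE ahead of static RSA yields a forward-secret session for this client.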