Internet Trust: Standards, Security, and the Global Fight for Audit
•
1 like•1,424 views
This presentation has been delivered by Scott Perry at the PECB Insights Conference 2017.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Internet Trust: Standards, Security, and the Global Fight for Audit
Similar to Internet Trust: Standards, Security, and the Global Fight for Audit (20)
More from PECB
More from PECB (20)
Recently uploaded
Recently uploaded (20)
Internet Trust: Standards, Security, and the Global Fight for Audit
- 1. Standards, Security, and Audit The Global Fight for Internet Trust Scott S. Perry CPA, CISA
- 2. 2 The Gauntlet Has Been Thrown
- 3. 3 The Accused Steps into the Ring
- 4. 4 Domain Certificate on Chrome
- 5. 5 List of Certification Authorities Rank Issuer Usage Market share 1 Comodo 8.1% 40.6% 2 Symantec 5.2% 26.0% 3 GoDaddy 2.4% 11.8% 4 GlobalSign 1.9% 9.7% 5 IdenTrust 0.7% 3.5% 6 DigiCert 0.6% 3.0% 7 StartCom 0.4% 2.1% 8 Entrust 0.1% 0.7% 9 Trustwave 0.1% 0.5% 10 Verizon 0.1% 0.5% 11 Secom 0.1% 0.5% 12 Unizeto 0.1% 0.4% 12 Buypass 0.1% 0.1% 13 QuoVadis < 0.1% 0.1% 14 Deutsche Telekom < 0.1% 0.1% 15 Network Solutions < 0.1% 0.1% 16 TWCA < 0.1% 0.1% A W3Techs survey from April 2016 shows: A W3Techs survey from April 2016 shows:[12]
- 6. 6 Internet Map of Certification Authorities
- 7. 7 Certificates of Internet Trust Type of certificate Domain validated? Subject Name Validated? Address Validated? Pad Lock Displayed by Browser? Green address bar or other special treatment? Relative price DV X X $ OV X X X X $$ EV X X X X X $$$ Source: CA/Browser Forum
- 8. 8 Domain Certificate on IE
- 11. 11 View Certificate on Chrome
- 14. 14 IE “Green Bar” for EV Certs
- 15. 15 Details on EV Certificates
- 16. 16 Certificates of Internet Trust Type of certificate Domain validated? Subject Name Validated? Address Validated? Pad Lock Displayed by Browser? Green address bar or other special treatment? Relative price DV X X $ OV X X X X $$ EV X X X X X $$$ Source: CA/Browser Forum
- 17. 17 The Compromise of CA - DigiNotar
- 19. 19 Trusted Root Certificate Authorities Certification Authorities
- 21. 21 Website Security Trust Model
- 22. 22 How Certificate Transparency Works Certificate Transparency (CT) works within the existing Certificate Authority (CA) infrastructure as a way to provide post-issuance validation of an entity’s authorization for the issuance of SSL Certificates. The certificate issuance process is shown below with new steps introduced by CT highlighted in blue. 1. Server operator purchases certificate from CA 2. CA validates server operator 3. CA creates a precertificate 4. CA logs the precertificate with the log server, which returns a signed certificate timestamp (SCT) 5. CA issues SSL Certificate 6. SSL Certificate may include signed certificate timestamp (SCT) 7. Browser validates SSL Certificate during the TLS handshake 8. Browser validates the SCT provided during the TLS handshake, either through OCSP stapling, through a TLS extension, or from information embedded in the certificate 9. Browser makes connection with the server 10. SSL Certificate encrypts all data as it is passed from the browser to the server Credit to: www.digicert.com
- 23. 23 How Certificate Transparency Works Credit to: www.digicert.com
- 26. 26 Big Browser is Watching!
- 27. 27 Should the Browsers Govern Internet Trust? They are the visible face to Internet Users (green bar) They have name recognition They rely on CA performance They have the compute resources They exact leverage using the Browser Trust Store They are not independent They are not Certification Authorities They are not Auditors They are commercially motivated Their fairness can be questioned YES NO
- 28. 28 The First Internet Judge?