Tag Archives: ca

Google Chrome 對 Symantec 全系列憑證的不信任計畫

Google Chrome 前陣子整理了一份對 Symantec 憑證的不信任計畫:「Chrome’s Plan to Distrust Symantec Certificates」。 這包括了一卡車的品牌,像是 Thawte、VeriSign、GeoTrust、RapidSSL,不過 Equifax 跟 Symantec 的關係我沒查到...: Symantec’s PKI business, which operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, had issued numerous … Continue reading

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , , , , | 1 Comment

Amazon Route 53 支援 CAA record 了

Amazon Route 53 宣佈支援 CAA record 了:「Announcement: Announcement: Amazon Route 53 now supports CAA records」、「Amazon Route 53 now supports CAA records」。 這是一個被動性的 workaround,要求 CA 本身要支援 DNS CAA,所以他沒辦法防止 CA 本身作惡誤簽,但因為負作用與技術債的可能性不高,在 CA/Browser Forum 上被通過強制要求支援了。(參考「未來 CA 將會強制要求檢查 DNS CAA record」) Gandi 的 DNS … Continue reading

Posted in AWS, Cloud, Computer, DNS, Murmuring, Network, Security, Service | Tagged , , , , , , , , , , | Leave a comment

Amazon Route 53 將會加緊支援 DNS CAA

看到 Amazon Route 53 要支援 DNS CAA 的消息:「Announcement: Announcement: CAA Record Support Coming Soon」。 裡面有提到 CA/Browser Forum 的決議,要求各瀏覽器支援 DNS CAA: On March 8, 2017, the Certification Authority and Browser Forum (CA/Browser Forum) mandated that by September 8, 2017, CA’s are … Continue reading

Posted in AWS, Cloud, Computer, DNS, Murmuring, Network, Security | Tagged , , , , , , , , , , , , , | Leave a comment

Google Chrome 對 WoSign 與 StartCom 的白名單要完全移除了

在 Twitter 上看到的: Chrome will fully distrust WoSign and StartCom in Chrome 61; beta in July, stable in September. https://t.co/5fnda6aUQw — Ivan Ristic (@ivanristic) July 7, 2017 對 WoSign 與 StartCom 的移除會發生在 61 版,而依照「Final removal of trust in WoSign and … Continue reading

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Service, Software, WWW | Tagged , , , , , , , , , , , | 1 Comment

Let's Encrypt 決定要規劃 Wildcard SSL Certificate 了

Let's Encrypt 把時間表喊出來了,預定在 2018 年年初開放使用:「Wildcard Certificates Coming January 2018」。 Wildcard SSL Certificate 會需要走新的 ACME v2 協定認證: Wildcard certificates will be offered free of charge via our upcoming ACME v2 API endpoint. We will initially only support base domain validation via … Continue reading

Posted in Computer, Murmuring, Network, Privacy, Security, Service | Tagged , , , , , , , , , , , , | Leave a comment

IE 與 Edge 推出更新,阻擋 SHA-1 憑證

微軟這幾天推出更新,IE 與 Edge 將不會接受 SHA-1 憑證:「Microsoft Makes it Official, Cuts off SHA-1 Support in IE, Edge」。微軟的公告則是在「Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11」這邊。 根憑證不受影響 (所以企業自己產生的 Root CA 也不受影響): Beginning May 9, 2017, Microsoft released updates … Continue reading

Posted in Browser, Computer, IE, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , , | Leave a comment

Netflix 的 BetterTLS,推廣 CA 的 Name Constraints

Netflix 因為想用 Name Constraints,所以決定自己跳出來推廣了:「BetterTLS - A Name Constraints test suite for HTTPS clients」。 就是在 CA 上可以綁定條件,只允許哪些 domain 可以被發放: 網站在「BetterTLS: Name Constraints」這邊可以看。

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , , , , , | Leave a comment

未來 CA 將會強制要求檢查 DNS CAA record

CA/Browser 通過提案,要求以後 CA 單位都要檢查 DNS CAA record 才能發放憑證 (RFC 6844 的「DNS Certification Authority Authorization (CAA) Resource Record」):「Ballot 187 - Make CAA Checking Mandatory」。 Certificate Authority Authorization (CAA) is a DNS Resource Record defined in RFC 6844 – https://datatracker.ietf.org/doc/rfc6844/ , published … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , | 1 Comment

未來 SSL Certificate 的最大有效時間將降到 825 天

CA/Browser Forum 通過了這項提案,將 SSL Certificate 的最大有效時間降到 825 天 (大約 27 個月):「Ballot 193 - 825-day Certificate Lifetimes」。 所以將會從本來的 39 個月降到 27 個月左右,所以現在買得到最長的 certificate 會有 3 年,以後會有 2 年: Recent Ballot 185 demonstrated a consensus among Forum members to reduce the maximum … Continue reading

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , | Leave a comment

Firefox 下一個版本 (52) 將預設關閉 SHA-1 支援

順著 SHA-1 正式被打穿,Mozilla 也正式宣佈從下一個版本的 Firefox 將完全關閉 SHA-1 支援 (看敘述應該還是可以透過 about:config 開):「The end of SHA-1 on the Public Web」。 As announced last fall, we’ve been disabling SHA-1 for increasing numbers of Firefox users since the release of Firefox 51 using a … Continue reading

Posted in Browser, Computer, Firefox, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , | Leave a comment