Tag Archives: ca

Amazon Route 53 將會加緊支援 DNS CAA

看到 Amazon Route 53 要支援 DNS CAA 的消息:「Announcement: Announcement: CAA Record Support Coming Soon」。 裡面有提到 CA/Browser Forum 的決議,要求各瀏覽器支援 DNS CAA: On March 8, 2017, the Certification Authority and Browser Forum (CA/Browser Forum) mandated that by September 8, 2017, CA’s are … Continue reading

Posted in AWS, Cloud, Computer, DNS, Murmuring, Network, Security | Tagged , , , , , , , , , , , , , | Leave a comment

Google Chrome 對 WoSign 與 StartCom 的白名單要完全移除了

在 Twitter 上看到的: Chrome will fully distrust WoSign and StartCom in Chrome 61; beta in July, stable in September. https://t.co/5fnda6aUQw — Ivan Ristic (@ivanristic) July 7, 2017 對 WoSign 與 StartCom 的移除會發生在 61 版,而依照「Final removal of trust in WoSign and … Continue reading

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Service, Software, WWW | Tagged , , , , , , , , , , , | Leave a comment

Let's Encrypt 決定要規劃 Wildcard SSL Certificate 了

Let's Encrypt 把時間表喊出來了,預定在 2018 年年初開放使用:「Wildcard Certificates Coming January 2018」。 Wildcard SSL Certificate 會需要走新的 ACME v2 協定認證: Wildcard certificates will be offered free of charge via our upcoming ACME v2 API endpoint. We will initially only support base domain validation via … Continue reading

Posted in Computer, Murmuring, Network, Privacy, Security, Service | Tagged , , , , , , , , , , , , | Leave a comment

IE 與 Edge 推出更新,阻擋 SHA-1 憑證

微軟這幾天推出更新,IE 與 Edge 將不會接受 SHA-1 憑證:「Microsoft Makes it Official, Cuts off SHA-1 Support in IE, Edge」。微軟的公告則是在「Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11」這邊。 根憑證不受影響 (所以企業自己產生的 Root CA 也不受影響): Beginning May 9, 2017, Microsoft released updates … Continue reading

Posted in Browser, Computer, IE, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , , | Leave a comment

Netflix 的 BetterTLS,推廣 CA 的 Name Constraints

Netflix 因為想用 Name Constraints,所以決定自己跳出來推廣了:「BetterTLS - A Name Constraints test suite for HTTPS clients」。 就是在 CA 上可以綁定條件,只允許哪些 domain 可以被發放: 網站在「BetterTLS: Name Constraints」這邊可以看。

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , , , , , | Leave a comment

未來 CA 將會強制要求檢查 DNS CAA record

CA/Browser 通過提案,要求以後 CA 單位都要檢查 DNS CAA record 才能發放憑證 (RFC 6844 的「DNS Certification Authority Authorization (CAA) Resource Record」):「Ballot 187 - Make CAA Checking Mandatory」。 Certificate Authority Authorization (CAA) is a DNS Resource Record defined in RFC 6844 – https://datatracker.ietf.org/doc/rfc6844/ , published … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , | Leave a comment

未來 SSL Certificate 的最大有效時間將降到 825 天

CA/Browser Forum 通過了這項提案,將 SSL Certificate 的最大有效時間降到 825 天 (大約 27 個月):「Ballot 193 - 825-day Certificate Lifetimes」。 所以將會從本來的 39 個月降到 27 個月左右,所以現在買得到最長的 certificate 會有 3 年,以後會有 2 年: Recent Ballot 185 demonstrated a consensus among Forum members to reduce the maximum … Continue reading

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , | Leave a comment

Firefox 下一個版本 (52) 將預設關閉 SHA-1 支援

順著 SHA-1 正式被打穿,Mozilla 也正式宣佈從下一個版本的 Firefox 將完全關閉 SHA-1 支援 (看敘述應該還是可以透過 about:config 開):「The end of SHA-1 on the Public Web」。 As announced last fall, we’ve been disabling SHA-1 for increasing numbers of Firefox users since the release of Firefox 51 using a … Continue reading

Posted in Browser, Computer, Firefox, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , | Leave a comment

dehydrated 0.4.0 的新要求

dehydrated 出 0.4.0 了,剛剛把 PPA for dehydrated 更新了,已經安裝過的使用者可以直接升級使用。 這次主要的改變在於建立帳號時必須先同意 Let's Encrypt 的使用條款: dehydrated now asks you to read and accept the CAs terms of service before creating an account 這邊可以用 dehydrated --register --accept-terms 表示同意並且建立帳號。

Posted in Computer, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , | Leave a comment

微軟預定在 2017 年的西洋情人節淘汰 SHA-1 certificate

經過多次改動後,微軟這次宣佈 SHA-1 certificate 將在明年淘汰:「SHA-1 deprecation countdown」。 影響的範圍包括 Internet Explorer 11 與 Microsoft Edge,在 2017 年 2 月 14 日之後不信任 SHA-1 certificate: Starting on February 14th, 2017, Microsoft Edge and Internet Explorer 11 will prevent sites that are protected with a … Continue reading

Posted in Browser, Computer, IE, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , | Leave a comment