CA/Browser Forum issues best practices for SSL/TLS certificates

SSL/TLS certificates are used to authenticate the ownership of websites and other online resources, as well as to encrypt information for privacy as it crosses the internet and other networks.

The baseline requirements draw upon best practices from the SSL/TLS sector to provide clear standards for CAs on verification of identity, certificate content and profiles, CA security, revocation mechanisms, use of algorithms and key sizes, audit requirements, liability, privacy and confidentiality, and delegation (including external sub-CAs and registration authorities), the forum explained.

The baseline requirements become effective on July 1, 2012, allowing CAs time to bring their SSL/TLS policies and practices into compliance with the standard. The CA/Browser Forum said it intends to continue development of the baseline requirements to address the risks and threats involving the issuance or use of SSL/TLS certificates.

The issuing of the standards follows a rough year for CAs. A number of CA partners of Comodo were hacked earlier in the year. In addition, the Dutch government revoked the authority of DigiNotar after a series of fraudulent certificates were issued by the company.

"The new baseline requirements will improve the reliability and accountability of SSL/TLS issuance for relying parties by establishing baseline standards for all types of SSL/TLS certificates from all publicly trusted CAs", said Tim Moses, chairman of the CA/Browser Forum.
 
