Latest SSL News Updates – Comodo, Certificate Transparency, Paypal

Market Share Trends for SSL Certification Authorities. The W3Techs.com market share trends report covering April 2015 to April 2016 shows Comodo reaching 40.8% of the SSL certificate market, leaving every other Certification Authority behind: Symantec holds 26.6%, the GoDaddy Group 12% and GlobalSign 9.7%, while none of the remaining CAs has managed to pass the 3% mark.

Google’s New Certificate Transparency Log. Google has implemented Certificate Transparency (CT). Deployed Secure Socket Layer certificates are tracked so that it can be determined whether they should be trusted or not, and CT provides a public record of the SSL certificates issued for a specific domain. This is an attempt by Google to enhance web security. Users are advised to be mindful of mis-issued certificates and to trust only websites whose SSL certificates come from reputed CAs such as Comodo, Symantec and other established companies.

How Do Free Digital Certificates Compare With Paid Ones? Amazon announced that it is giving away free SSL certificates to websites that use the cloud-based Amazon Web Services platform. Let’s Encrypt, an open source Certificate Authority run by the Electronic Frontier Foundation, issued its first HTTPS certificate in September 2015. As of March, Let’s Encrypt has issued over a million free certificates covering more than 2.4 million domains. Apparently, Amazon Web Services Certificate Manager stores the corresponding private keys in the cloud, which is highly unsafe.

There is a risk involved in Secure Socket Layer security with Let’s Encrypt as well. Being an open source platform, it bears risks from online attacks similar to those of the Heartbleed vulnerability that damaged OpenSSL, the biggest open source library for the SSL and TLS protocols.

SSL inspection tools are the only way to identify malicious files masquerading as encrypted data. Certification Authorities issuing free SSL certificates don’t provide SSL inspection services, whereas commercial CAs ensure that SSL inspection and detection services are available to their customers. Hacker groups are naturally inclined to attack domains secured with free SSL certificates because these have more security blind spots than those built with long-term commercial and security implications in mind.

The U.S. National Institute of Standards and Technology (NIST) has outlined that the ability to transition domains to a secondary CA is a best-practice requirement in the event of a CA compromise or fraudulent certificate issuance. However, Amazon Web Services Certificate Manager doesn’t support the transition of domains to a secondary CA.

The industry is replacing the old and insecure SHA-1 hashing algorithm with its successor, SHA-2. As a payment processor, it is PayPal’s responsibility to ensure the highest level of security for its merchants, developers and consumers. In accordance with this obligation, PayPal is upgrading the SSL certificates on all of its web and API endpoints. If you are using Instant Payment Notification (IPN), you must be running a SHA-256-compliant SSL server as soon as possible. If you are using Paypal.com for IPN and have a non-SHA-256-compliant server or OS, you will need to upgrade to a SHA-256-compliant server / OS configuration. If your IPN listener/validator is hosted by a partner, shopping cart or third-party hosting provider, please advise them to take the necessary steps to ensure ongoing connectivity.
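As an added check for the SHA-1 retirement described above (example code written for this post, not PayPal’s or the blog’s own), the following standard-library Python reads the signatureAlgorithm field of a DER-encoded X.509 certificate and flags SHA-1 signatures. The OID table holds the real PKCS#1 identifiers; the two sample certificates are constructed stand-ins with a placeholder tbsCertificate and a zero-filled signature, so only the algorithm field is meaningful.

```python
# Added example (not from the post): read a certificate's signatureAlgorithm from DER.
SIG_ALG_OIDS = {                            # real PKCS#1 OIDs
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(data, pos):
    """Parse one DER tag-length-value at pos -> (tag, value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def decode_oid(content):
    """OID content octets -> dotted string (first byte = 40*arc1 + arc2, rest base-128)."""
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Return (dotted OID, name) of the outer signatureAlgorithm of a DER certificate."""
    _, cert, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, _, after_tbs = read_tlv(cert, 0)     # skip tbsCertificate
    _, alg_id, _ = read_tlv(cert, after_tbs)
    tag, oid, _ = read_tlv(alg_id, 0)       # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    dotted = decode_oid(oid)
    return dotted, SIG_ALG_OIDS.get(dotted, "unknown")

def is_sha1_signed(cert_der):               # the condition a SHA-1 sunset inventory flags
    return "sha1" in signature_algorithm(cert_der)[1].lower()

# Constructed samples: placeholder tbsCertificate, zero-filled signature, short-form lengths.
SHA1_RSA_OID = bytes.fromhex("2a864886f70d010105")     # 1.2.840.113549.1.1.5
SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")   # 1.2.840.113549.1.1.11

def der(tag, content):
    return bytes([tag, len(content)]) + content

def sample_cert(sig_oid):
    alg = der(0x30, der(0x06, sig_oid) + der(0x05, b""))   # AlgorithmIdentifier, NULL params
    tbs = der(0x30, der(0x02, b"\x01") + alg)              # placeholder tbsCertificate
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 5))   # Certificate SEQUENCE
```

To inspect a real certificate from one of your own endpoints, feed `signature_algorithm` the DER bytes obtained with Python's `ssl.get_server_certificate` followed by `ssl.PEM_cert_to_DER_cert`.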


Source: W3Techs, Threat Post, Amazon, NIST.


‘Latest SSL News Updates’ is licensed under a Creative Commons Attribution 4.0 International License. You have permission to republish this article with attribution to the author and Blog.trustico.com.
