Dean Coclin, Senior Director of Business Development, Chairman of the CA/Browser Forum, and Jeff Barto, Certified Social Media Intelligence Expert (CSMIE), presented the the latest trends and developments in the area of SSL,TLS and S/MIME in a DigiCert webinar. Apart from pointing to the necessity of automated processes for issuing certificates in the future, Coclin also spoke about the new working group for S/MIME in the CA/B Forum, the ongoing pilot programme for Verified Mark Certificates as well as why certificate pinning is a bad idea and should be avoided.
Increasing numbers of websites are encrypted
The number of encrypted websites has, according to DigiCert, increased dramatically over the last three years. Between 2019 and 2020 alone, over 30 million certificates were issued.
Today, around 90 % of all websites are encrypted and DigiCert is expecting further growth for the second half of 2020 as well as 2021.
In August 2020, over 86.6 million certificates were issued worldwide. Year-to-date, DigiCert has issued 3.2 million new certificates while a year-over-year comparison (August 2019 to August 2020) shows DigiCert up by 9 million new certificates.
Need for automation
The most commonly used browsers, including Apple Safari, Google Chrome and Mozilla Firefox, have decisively opted for shortened certificate validity periods. Already in this year, the validity period was reduced from two years to one year. Going on, discussions will continue about further reducing validity periods to six and three months. Automated processes will be required to deal with the processing, authentication and issuing of these certificates and, according to Coclin and Barto, conformity to regulations will be required to deliver these services efficiently.
The automated implementation of certificates will gain particular importance on the side of the website operator in order to reduce the time and resources required for dealing with more frequent certificate renewals due to shorter validity periods.
S/MIME working group in CA/B Forum
A new working group has been established in the CA/B Forum for S/MIME. The group, consisting of 25 certificate authorities as well as application providers, interested parties and associate members, sees its first task in setting up a certificate profile. To this end, it is researching current S/MIME profiles around the world, carrying out research on use cases and collecting feedback. Anyone interested in participating can find out more about how to do so on the CA/B Forum website.
Beware of certificate pinning
DigiCert again expressly highlighted the dangers of certificate pinning. The pinning of certificates holds several risks when implemented incorrectly.
The implementation of certificate pinning is intended to restrict which certificates are considered valid for a specific website, in order to reduce certain security risks. However, the use of pinning has opened up a new range of security flaws and potential damage.
Verified Mark Certificates
Coclin also spoke about the pilot programme for Verified Mark Certificates (VMCs), an exciting new form of email with logo verification. It is currently being tested by several large email providers. VMCs allow companies with registered logos to display their brand logo next to the “sender” field in email clients, immediately conveying a message of reliability. The verified logo is displayed before the message is opened, creating a more uniform, authenticated and visually attractive email experience for businesses with registered logos and users.
You have questions about the latest TLS and SSL trends? Your Partner Manager will be happy to assist you.