News

By majority vote, the CA/B Forum (the SSL regulator) accepted Ballot SC21, a proposal to improve log integrity control. The main goal of the proposal is to finalise the Network and Certificate System Security Requirements document, which was approved on 3 August 2012, with implementation beginning on 1 January 2013.

The Google Security Team has announced a plan to block mixed content to make browsing HTTPS pages more secure. Mixed content refers to HTTPS pages that load various resources (images, videos, style sheets, scripts) using the HTTP protocol.

New security indicators will be presented in Firefox 70 and will reduce the visual significance of EV SSL certificates and draw more attention to sites accessed through an insecure HTTP protocol.

As we mentioned in a previous publication, major browsers, including Google, Mozilla, Microsoft, and Apple, announced that they were withdrawing support for TLS 1.0 and 1.1 in their products in 2019. These protocols, despite the fact that they do not have any known vulnerabilities, do not support modern cryptographic algorithms.

The new Ballot SC22 proposal to reduce the maximum validity of SSL certificates to one year (more precisely, to 397 days) was rejected by a majority vote. Active discussions on this issue have been held at the CA/B Forum over the past few months.