Please join the CASC for a Hangout covering that State of the Web. Topics covered :
The move to 2048-bit certificates
The move to ShA2
TLS 1.2
EV certificates
Revocation checking
Always on SSL
PFS
New gTLDs
Members from Comodo, DigiCert, Entrust, and GoDaddy.
Robin Alden- Comodo
Jeremy Rowley- DigiCert
Bruce Morton- Entrust
Wayne Thayer- Go Daddy
Rick Andrews- Symantec
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
State of the Web
1. The State of the Web
Robin Alden, Rick Andrews,
Bruce Morton, Jeremy
Rowley, Wayne Thayer
2. The Experts
Rick Andrews
Senior Technical Director, Symantec
CASC Member
Jeremy Rowley
General Counsel, DigiCert
CASC Member
Bruce Morton
Director, Certificate Services, Entrust
CASC Member
Robin Alden
Chief Technology Officer, Comodo
CASC Member
Wayne Thayer
Vice President & General Manager, Security
Products, GoDaddy
CASC Member
4. About the CA Security Council
• Comprised of 7 leading global Certificate Authorities
• Committed to the exploration and promotion of best
practices that advance trusted SSL deployment and CA
operations
• The CASC works collaboratively to improve
understanding of critical policies and their potential
impact on the internet infrastructure
• https://casecurity.org/
5. Topics
•
•
•
•
•
•
•
•
The move to 2048-bit certificates
The move to SHA2
TLS 1.2
EV certificates
Revocation checking
Always on SSL
PFS
New gTLDs
6. The Move to 2048-bit Certificates
• As computing power increases, companies
must move to more secure keys
• Minimum 2048-bit RSA or NIST Suite B ECC
keys is recommended
• Deadline – CAs to stop issuing SSL certificates
with less than 2048-bit RSA as of January
1, 2014
7. Who Recommends 2048?
Who
Reference
NIST
Special Report SP 800-57 –
Recommendation for Key Management
NIST
Special Report SP 800-131A – Transition
of Algorithms and Key Lengths
CA/Browser Forum
Extended Validation (EV) Guidelines
CA/Browser Forum
Baseline Requirements
Adobe
AATL requirements and CDS certificate
policy
Microsoft
Microsoft Root Certificate Program –
Technical Requirements
Mozilla
Mozilla CA Certificate Policy – CA:MD5
and 1024
8. SHA-2: What and Why
• SHA-2 is the next
generation
cryptographic hash
suite that replaces
SHA-1
• Can’t continue to rely
on strength of SHA-1
Algorithm and
Variant
Output
Size
(bits)
Collisions
found?
Performance
(MiB/s)
MD5
128
Yes
335
SHA-0
SHA-1
SHA256/224
Yes
160
Theoretical
attack (260)
139
256/224
SHA-2
192
No
SHA512/384
512/384
154
9. The Move to SHA-2
SHA-1 Collisions
$3,000,000.00
$2,500,000.00
Expect a rapid migration to
SHA-2
NIST required many
applications in federal
agencies to move to SHA-2
in 2010
Windows XP added SHA-2
in Service Pack 3
$2,000,000.00
$1,500,000.00
$1,000,000.00
$500,000.00
$0.00
Cost
2012
2015
2018
2021
11. It’s Time for TLS 1.2
• Gain resistance to the BEAST attack
• Adds more secure cipher suites
• Server configuration enhances SSL security
– Majors browsers now support TLS 1.2
– You have to enable TLS 1.2
12. EV Certificates
• Purpose
– Identity through the green bar
– Instant reputation
• Adoption
– 20-30% growth in 2013 (Netcraft, OTA)
– 3-9% adoption rate (Netcraft, SSL Labs)
• Future
– Increasing scope
– Evolving standard
15. Always On SSL
• The 2 Big Myths of AOSSL
– SSL is computationally expensive
– The network latency of AOSSL will present
inevitable performance degradation
• What does AOSSL protect against?
• How to make AOSSL work for you
16. Perfect Forward Secrecy (PFS)
• Stored SSL communications can be decrypted
by attacking the server private key
• Attacking keys can be done by
compromise, subverted
employees, government demand, …
• PFS uses temporary individual keys for each
session
• PFS means that each temporary key would
need to be attacked to decrypt all
17. How to you do PFS?
• Server must support Diffie-Hellman key
exchange
• Cipher suites DHE or ECDHE need to be
supported:
– TLS_ECDHE_RSA_WITH_RC4_128_SHA
– TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
– TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
– TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
18. New Generic Top-Level Domains
(gTLD)
• 1930 new gTLDs
• ~70 approved so far
• Collisions and certificates
– SSAC and CAB Forum
– 80% released, 20% held for evaluation, 2 on hold
• Deprecation of internal server names
– Fall 2015
– Revoke certificates within 120 days of contract
19. More Information
• Learn more about Encryption at
https://casecurity.org/2013/09/13/encryption-stillworks-its-about-how-you-implement-it/
• Learn more about TLS 1.2
https://casecurity.org/2013/09/19/its-time-for-tls-12/
• Learn more about EV Certificates
https://casecurity.org/2013/08/07/what-are-thedifferent-types-of-ssl-certificates/
NIST has been recommending a move to 2048 by the end of 2010NIST allowed for a transition period through the end of 2013EV Guidelines stopped issuing EV SSL certificates with 1024 by the end of 2010Microsoft, Mozilla, and Baseline Requirements have incorporated the NIST transition period