-
Listen Now
EPISODE 385
Broadcast Date:
May 10, 202412 minutes
Podcast May 10, 2024Root Causes 385: Failed Revocation and Wildcard Certificates
We discuss misuse of wildcard certificates, failure to revoke on time, and how these two failures magnify each other.
-
Listen Now
EPISODE 383
Broadcast Date:
May 2, 202425 minutes
Podcast May 02, 2024Root Causes 383: Delayed Revocation Events by the Numbers
An epidemic of delayed revocations has infected the public CA community. We track delayed revocations since the beginning of 2021 and discuss root causes.
-
Learn More
What is certificate revocation & when should an SSL cert be revoked?
A Blog Post from Sectigo
Blog Post Apr 29, 2024Digital certificates drive security. Lifecycle management, including revocation, prevents vulnerabilities. Understand its purpose and importance.
-
Listen Now
EPISODE 377
Broadcast Date:
April 11, 202417 minutes
Podcast Apr 11, 2024Root Causes 377: Is CPS/Issuance Misalignment a Revocation Event?
If you issue public certificates that are fully compliant except they don't reflect what your CPS says, are they misissued? Do they require revocation?
-
Listen Now
EPISODE 313
Broadcast Date:
June 23, 202316 minutes
Podcast Jun 23, 2023Root Causes 313: SSL Revocation Reason Codes
We explain the allowed public SSL revocation reason codes, along with some explicitly forbidden reason codes and the backstory behind them.
-
Listen Now
EPISODE 272
Broadcast Date:
January 27, 202312 minutes
Podcast Jan 27, 2023Root Causes 272: OCSP's Privacy Problem
Concerns recently have been raised about OCSP real-time certificate checking and its potential to violate privacy.
-
Listen Now
EPISODE 157
Broadcast Date:
March 19, 202112 minutes
Podcast Mar 19, 2021Root Causes 157: New Revocation Research
Research of public revocation information examines revocation behavior from public CAs. Listen for the main takeaways and "revocation transparency."
-
Listen Now
EPISODE 131
Broadcast Date:
November 30, 202017 minutes
Podcast Nov 30, 2020Root Causes 131: Apple OCSP Slowdown Explained
Apple's Big Sur OS rollout drove a slowdown in the company's OCSP responders, affecting all Apple operating systems. We explain what happened and why.
-
Listen Now
EPISODE 106
Broadcast Date:
July 14, 202027 minutes
Podcast Jul 14, 2020Root Causes 106: Massive Intermediate Certificate Distrust on the Way
14 public CAs have to revoke intermediates and destroy their keys, putting millions of active SSL, S/MIME, and other public certificates at risk.
-
Learn More
Security Flaw to Force Revocation of Intermediates; Sectigo Unaffected
A Blog Post from Sectigo
Blog Post Jul 02, 2020Google has identified intermediate certificates from public CAs that violate CABF Baseline Requirements and pose security risk. Sectigo is unaffected.
-
Listen Now
EPISODE 94
Broadcast Date:
May 26, 202024 minutes
Podcast May 26, 2020Root Causes 94: Revocation Checking Through OCSP and CRL
One essential portion of the certificate lifecycle is the ability to revoke certificates. Public SSL certificates use a pair of mechanisms to communicate this revocation status to client machines, CRL and OCSP. In this episode we explain how these mechanisms work and some of their strengths and challenges.
-
Listen Now
EPISODE 24
Broadcast Date:
June 27, 201916 minutes
Podcast Jun 27, 2019Root Causes 24: Certificate Revocation
Certificate revocation is an essential part of the certificate lifecycle. Join our hosts as they discuss revocation by the CA, code signing, and malware.