Amid lots of other security news this week, you may have missed the announcement of the formation of a new industry group, the CA Security Council (https://casecurity.org). Symantec is a founding member of this group of leading Certificate Authorities, whose purpose is to explore and promote best practices around SSL/TLS deployment and CA operations. The announcement is at http://bit.ly/VaZNek.
The trust model involving end users, web sites and Certificate Authorities as trusted third parties has been an integral part of the explosive growth of e-commerce. But deploying and using SSL/TLS properly is not trivial, so it’s great to see groups like CASC forming to further advance trustworthy use of SSL.
Don’t confuse CASC with the CA/Browser Forum of which Symantec is also a founding member. CASC supports the CA/Browser Forum and other standards bodies in efforts to improve the SSL eco-system. CASC won’t create new standards, but will help educate the public on security threats, attacks, and other news related to Certificate Authorities. To start, check out the “Get Educated” pages like “SSL Basics” and myths about SSL and CAs. “What’s Behind the Padlock?” is a revealing infographic about what CAs really do and how they help protect you when you visit a web site with an SSL certificate.