Home / News / Company news

Company News


‘SSL certificate withdrawal model is not flexible enough’

TCI Leading Specialist Dmitry Belyavskiy spoke at the 14th CENTR Security Workshop, which took place in Tel Aviv, Israel, earlier this week. He described how the SSL/TLS certificate withdrawal model has developed in recent years and how to make the process more flexible. The SSL/TLS certificate is a digital signature, which guarantees the validity and security of an https protocol. However, compromised or miss-keyed input or other errors in the issuance of the certificate are becoming the focus of attention more often now.

“The certificate withdrawal model, which was standardized more than 15 years ago, now lacks flexibility. We need measures on pinpoint limitations of trust at the level of various apps. This is already being implemented in popular browsers like Google Chrome and Mozilla Firefox. We propose adjusting the description of the limitation separately from the applications which would allow us to continue using the limitation lists and avoid errors when programming them manually,” Dmitry Belyavskiy said.

This summer, Russian experts already spoke about changes to the certificate validation process at IETF 99, and the issue was supported by the meeting’s participants. TCI continues working in this direction.

Back to the list

‘SSL certificate withdrawal model is not flexible enough’