Facebook, Mozilla, and Cloudflare Announce TLS Delegated Credentials Standard to Improve Security of TLS Certificates

Enterprise & IT, Nov 1, 2019

Facebook, Mozilla, and Cloudflare announced today a new technical specification called TLS Delegated Credentials, currently undergoing standardization at the Internet Engineering Task Force (IETF).

Delegated credentials is an extension to the TLS protocol, and an extremely effective method for securing certificates. TLS is a cryptographic protocol that underpins the more widely-known HTTPS protocol, used for loading websites inside browsers via an encrypted connection.

In modern server deployments, a certificate could be deployed to thousands of servers, which could be distributed all over the world. It’s important to ensure the security of the certificate to prevent potential attackers from gaining control of a certificate, which would enable them to perform a man-in-the-middle (MITM) attack on traffic to the server.

If a certificate becomes compromised before it expires, the only option currently available to server operators is to revoke the certificate. However, certificate revocation does not work well for modern browsers. Revocation checking mechanisms such as Online Certificate Status Protocol (OCSP) may require browsers to speak to a certificate authority and can be blocked. They can also add latency to the connection establishment. As a result, modern browsers do not rely on them and instead use alternative mechanisms, such as the CRLSets used by Chrome.

The shorter the certificate lifetime, the less likely a certificate will need to be revoked before it expires. However, if the certificate expiration time is reduced to just a few hours and the network between the authority that validates the certificates and the servers is temporarily down, a server may be unable to obtain a valid certificate. Without a valid certificate, the website will go down. To mitigate this risk, services like Facebook's generally opt for a longer expiration time, so there is time to recover from any failures.

Delegated credentials allow a server to better balance this trade-off between security and reliability. A server generates a new delegated credential structure containing a public key and an expiration time, which can be as little as a few hours. It can then use its signed certificate (also known as a leaf certificate) to sign the delegated credential. Since the delegated credential is generated and signed by the server itself, the server does not need to contact the certification authority servers every time it needs to create a new delegated credential.

The delegated credentials can live up to seven days and can be rotated automatically once they expire.
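The issue-and-verify flow described above, as an added Go example that is not code from Facebook, Mozilla or Cloudflare. It is a simplified model rather than the IETF wire format: the struct layout, the function names and the choice of Ed25519 are assumptions, and the leaf public key is taken as already validated through the normal certificate chain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

const maxValidity = 7 * 24 * time.Hour // seven-day ceiling stated in the article

// DelegatedCredential is a simplified model, not the IETF wire format.
type DelegatedCredential struct {
	PublicKey ed25519.PublicKey // public half of the short-lived key pair
	NotAfter  time.Time         // expiry chosen by the server
	Signature []byte            // made with the leaf certificate's private key
}

// signedBytes binds the expiry time (Unix seconds) to the delegated public key.
func signedBytes(pub ed25519.PublicKey, notAfter time.Time) []byte {
	return append(binary.BigEndian.AppendUint64(nil, uint64(notAfter.Unix())), pub...)
}

// Issue runs on the server; no certificate authority is contacted.
func Issue(leaf ed25519.PrivateKey, pub ed25519.PublicKey, now time.Time, ttl time.Duration) (*DelegatedCredential, error) {
	if ttl <= 0 || ttl > maxValidity {
		return nil, fmt.Errorf("validity %v is outside (0, %v]", ttl, maxValidity)
	}
	exp := now.Add(ttl)
	return &DelegatedCredential{PublicKey: pub, NotAfter: exp, Signature: ed25519.Sign(leaf, signedBytes(pub, exp))}, nil
}

// Verify runs on the client with the public key taken from the leaf certificate.
func Verify(leafPub ed25519.PublicKey, dc *DelegatedCredential, now time.Time) error {
	if !now.Before(dc.NotAfter) || dc.NotAfter.Sub(now) > maxValidity {
		return fmt.Errorf("credential expired or valid for more than %v", maxValidity)
	}
	if !ed25519.Verify(leafPub, signedBytes(dc.PublicKey, dc.NotAfter), dc.Signature) {
		return fmt.Errorf("signature was not made by the leaf key")
	}
	return nil
}

func main() {
	leafPub, leafKey, _ := ed25519.GenerateKey(rand.Reader) // constructed key standing in for the leaf certificate key
	shortPub, _, _ := ed25519.GenerateKey(rand.Reader)      // short-lived key pair the server will present
	dc, _ := Issue(leafKey, shortPub, time.Now(), 6*time.Hour)
	fmt.Println(Verify(leafPub, dc, time.Now()), "|", Verify(leafPub, dc, time.Now().Add(7*time.Hour)))
}
```

Because the expiry is covered by the signature, a holder of the short-lived key cannot extend its own lifetime; only the leaf key can issue a replacement.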

The TLS Delegated Credentials extension was specifically developed for large website setups, such as Facebook, or for websites using content delivery networks (CDNs), such as Cloudflare.

TLS Delegated Credentials will be compatible with the TLS protocol v1.3 and later.

Tags: Security, Cybersecurity, TLS