Tag: Certificate Authority
-
The HTTPS Lockdown: Chrome & CAs Retire 11 Legacy Domain Validation Methods by 2028
The HTTPS certificate ecosystem is beginning a phased retreat from weaker methods of domain ownership verification. The Chrome Root Program and the CA/Browser Forum have approved new requirements for certificate authorities that will gradually retire eleven “legacy” Domain Control Validation (DCV) mechanisms. The rationale is straightforward: when trust in a certificate rests on fragile signals—such…
-
Cloudflare’s 1.1.1.1 DNS Service Was Targeted by a Rogue Certificate Authority
On September 3, 2025, researcher Youfu Zhang reported to the Mozilla dev-security-policy mailing list that the certification authority Fina RDC 2020 had issued multiple TLS certificates for the IP address 1.1.1.1. This address, jointly operated by Cloudflare and APNIC, underpins Cloudflare’s public DNS resolver. Since no third party can legitimately prove control over it, the…
-
Let’s Encrypt Kills OCSP to Boost Privacy, Citing 340 Billion Monthly Requests
Let’s Encrypt has officially retired its OCSP (Online Certificate Status Protocol) service, replacing it with CRL (Certificate Revocation Lists). As the organization reminded, OCSP URLs have not been included in certificates since April 2025, and all older certificates containing them have now expired. The primary reason for abandoning OCSP is to better safeguard user privacy.…