News

More than two million SSL/TLS certificates are revoked: consequences

Digital certificates are one of the pillars of the TLS protocol: they are what assures us that we are connecting to the website we typed into the address bar, and they are the basis for encrypting the connection so that only the website and we can see what we exchange.

They are issued by so-called certification authorities, companies or organizations such as Camerfirma, DigiCert or Entrust. Before issuing one, the authority must verify that we control the website the certificate is for, which is what prevents someone else from obtaining a certificate and impersonating it.

One of the largest certification authorities today, Let’s Encrypt, a non-profit organization that has become enormously popular for being a free service that is very easy to automate, has detected a potential security issue in its implementation of the ALPN method (the TLS-ALPN-01 challenge) used to verify control of a domain. As a consequence, and applying its own policies, it has decided to revoke on January 28 all certificates validated with this method that were issued before 00:48 UTC on January 26, 2022.

Of all the available validation methods, ALPN is the least used, so the revocation affects less than 1% of all active certificates, according to Let’s Encrypt’s own figures. That may not sound like much, but it currently has close to 220 million active certificates in total, so roughly 2.2 million certificates will be revoked, although many of them are probably in use on servers that are not reachable by the general public.
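As an added example (not code from the original article or from Let’s Encrypt), the following Python script shows what the TLS-ALPN-01 challenge actually proves and how to decide whether a certificate falls inside the revocation window described above. The CA connects to the domain offering the ALPN protocol "acme-tls/1", and the server must present a self-signed certificate carrying the SHA-256 digest of the ACME key authorization (token plus the account key’s RFC 7638 thumbprint); the script computes that digest. It then classifies a constructed inventory of certificates against the cutoff of 00:48 UTC on January 26, 2022. The JWK, token, hostnames and inventory records are constructed for illustration; the validation method is not recorded in the certificate itself, so in practice it has to come from the ACME client’s own logs or state, and the issuer check assumes the organization name "Let's Encrypt" that its intermediates carry.

```python
"""Added example, not part of the original article or of Let's Encrypt's code.
Standard library only; all sample data below is constructed."""
import base64
import hashlib
import json
from datetime import datetime, timezone

# Issuance cutoff from the announcement: TLS-ALPN-01-validated certificates
# issued before this instant were revoked on January 28, 2022.
REVOCATION_CUTOFF = datetime(2022, 1, 26, 0, 48, tzinfo=timezone.utc)

# Protocol name the CA offers in the ALPN extension for this challenge (RFC 8737).
ACME_TLS_ALPN = "acme-tls/1"
# Challenge type name as it appears in ACME challenge objects (RFC 8737).
TLS_ALPN_01 = "tls-alpn-01"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME (RFC 8555) uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk(jwk: dict) -> str:
    """RFC 7638 canonical form: only the required members of the key type,
    lexicographically ordered, no whitespace. Extra members such as 'kid' are dropped."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    return json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of the ACME account key."""
    return b64url(hashlib.sha256(canonical_jwk(jwk).encode("ascii")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint: the value every ACME challenge type is built on."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def acme_identifier_value(token: str, jwk: dict) -> bytes:
    """The 32-byte digest the CA expects inside the acmeIdentifier extension of the
    self-signed certificate presented when ALPN 'acme-tls/1' is negotiated."""
    return hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()


def in_revocation_window(issuer_org: str, not_before_iso: str, validation_method: str) -> bool:
    """True if the certificate matches the population Let's Encrypt revoked:
    issued by Let's Encrypt, validated with TLS-ALPN-01, and issued before the cutoff.
    A naive timestamp is assumed to be UTC, which is how certificates record validity."""
    not_before = datetime.fromisoformat(not_before_iso)
    if not_before.tzinfo is None:
        not_before = not_before.replace(tzinfo=timezone.utc)
    return (issuer_org == "Let's Encrypt"
            and validation_method == TLS_ALPN_01
            and not_before < REVOCATION_CUTOFF)


# Constructed account key and challenge token (not real key material).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y", "kid": "ignored"}
SAMPLE_TOKEN = "constructed-challenge-token"

# Constructed inventory: issuer organization and notBefore come from the certificate,
# the validation method from the ACME client's records.
INVENTORY = [
    {"name": "www.example.test", "issuer_org": "Let's Encrypt",
     "not_before": "2022-01-20T09:15:00+00:00", "method": "tls-alpn-01"},   # affected
    {"name": "api.example.test", "issuer_org": "Let's Encrypt",
     "not_before": "2022-01-20T09:15:00+00:00", "method": "http-01"},       # other method
    {"name": "mail.example.test", "issuer_org": "Let's Encrypt",
     "not_before": "2022-01-26T00:48:00+00:00", "method": "tls-alpn-01"},   # issued at cutoff, fixed code
    {"name": "legacy.example.test", "issuer_org": "Example CA",
     "not_before": "2021-12-01T00:00:00+00:00", "method": "tls-alpn-01"},   # other CA
]


def affected_names(inventory) -> list:
    """Names of the certificates that must be renewed before the revocation date."""
    return [r["name"] for r in inventory
            if in_revocation_window(r["issuer_org"], r["not_before"], r["method"])]


if __name__ == "__main__":
    print("acmeIdentifier digest:", acme_identifier_value(SAMPLE_TOKEN, SAMPLE_JWK).hex())
    print("renew before January 28:", affected_names(INVENTORY))
```

Run with `python3 tlsalpn_check.py` (any file name works). The third record is deliberately issued at exactly 00:48 UTC and is left out, since the announcement covers certificates issued before that instant; a certificate found in the list should simply be renewed, which is what Let’s Encrypt asked affected operators to do.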


This is the second major piece of news about Let’s Encrypt certificates in recent months. In September of last year one of the root certificates in its chain of trust, the ones used to validate the certificates it issues, expired; this went unnoticed on systems that are kept up to date, but it affected those that are not. Neither incident can be blamed on Let’s Encrypt, which announced the root change and prepared it months in advance, but they should draw attention to how important this service has become and to the need to keep an eye on its warnings.

José Couto, Head of Security at Paradigma Digital
