Certificate Authorities Aim to Improve Identity Assurance

A group of leading SSL/TLS Certificate Authorities are working on the London Protocol effort to figure out what's needed to improve certificate identity assurance. The Certificate Authority Security Council (CASC) announced a new effort dubbed the "London Protocol" on June 27 in a bid to help improve identity assurance for web security certificates. The London Protocol benefits from the support of multiple Certificate Authority (CA) vendors, including Comodo CA, Entrust Datacard, GlobalSign, GoDaddy and Trustwave. The London Protocol is a multi-stage effort that will be implemented over a 10-month period that aims to help understand how attackers are misusing SSL/TLS certificates and what the CAs can do to help minimize risks. "In general, the CAs have not really worked together to share data in the past to really provide a higher level of of identity assurance for certificates," Chris Bailey, vice president of strategy and business development for certificate services at Entrust Datacard, told eWEEK. "What we want to do is get together and make sure we have a way to provide a consistent method to continuously improve on these identity certificates that show organization information, so they can continue to be relied upon in the future." The CASC itself is a group of the largest SSL/TLS Certificate Authorities in the world that was formed in February 2013. The CASC has been actively working in the years since to move web security forward with multiple initiatives to help improve the trust and efficacy of certificate security.