The Certificate Transparency mechanism has successfully protected the security of 7.4 billion globally trusted SSL certificates. Can we learn from this mechanism to ensure the security of the SM2 SSL certificates? The answer is YES, definitely! That is the SM2 Certificate Transparency mechanism.
To issue an SSL certificate, user must first verify the domain name control. However, what if the CA system maliciously or mistakenly issues an unverified SSL certificate for a domain name? The certificate transparency mechanism designed by Google is to solve this problem, and it is a zero trust to the CA system and the certificate issuance behavior.
The SM2 certificate transparency mechanism, together with the website filing mechanism and the domain name registration real-name system that have been implemented in China, form a complete website security system from domain name registration (website birth) to website operation to website security (encryption), which will be truly powerful to ensure the security and controllability of China's websites and the Internet, each mechanism is indispensable.
This is a question that everyone may not care about. To ensure the security of the website, it is necessary to apply for and deploy an SSL certificate. So, who is securing the global trusted SSL certificates? This article is easy to understand, the metaphor is appropriate, and it explains the certificate transparency clearly that worth reading!
Through an in-depth interpretation of the network part of the "Federal Zero Trust Strategy", readers can understand that https encryption is the key principle of zero trust, rather than a one-sided understanding that zero trust is only the always verification of user identity.
The Russia-Ukraine conflict caused the RSA SSL certificate deployed by Russia’s online banking to be revoked, and all users cannot access the online banking system normally. China's online banking systems are also deployed RSA SSL certificate that may be revoked at any time. How to prevent the risk of revoking, the Bank of China has given the correct answer.
Zero trust is a security principle, it is also very suitable for website security. All browsers display HTTP websites as "Not secure," which is zero trust to websites that don't have a validated trusted identity. ZoTrus Website Security Cloud Service realizes HTTPS encryption, cloud WAF protection and trusted identity validation with one click, efficiently and quickly protects website security, and perfectly realizes the three steps of zero trust security for websites.
Zero trust is a security principle, it is also very suitable for website security. Never trust every web connection, always verify, allow normal connections, and block malicious connections. ZoTrus Website Security Cloud Service is a one-click realization of cloud WAF protection, efficient and fast protection of website security, and the perfect realization of the second of three steps of zero trust security for websites.
Zero trust is a security principle, it is also very suitable for website security. HTTPS encryption is zero trust to HTTP cleartext transmission. ZoTrus Website Security Cloud Service is a one-click implementation of HTTPS encryption, efficient and fast protection of website security, and the perfect realization of the first of three steps of zero trust security for websites.
To popularize the application of the SM2 SSL certificate, we must first have a browser that supports the SM2 algorithm and popularize the use of SM2 browser. Browsers (including mobile Apps), SSL certificates and web servers all support the SM2 algorithm to setup a SM2 certificate application ecosystem.
On June 15th, IE browser, which has served users for 27 years, officially said goodbye to global Internet users. The author will not complain about many things about IE browser. Let’s write something about miss IE browser.
Website security requires https encryption and cloud WAF protection, but in order to improve user experience, CDN plus edge WAF protection is most needed. The rapid product iteration of ZoTrus Website Security Cloud Service only provides the most needed and best website security cloud service.
Since the subtitle of the CEO blog is “Meet friends on blog”, as a scientific and technological worker rather than a literato, please do not care whether the grammar of the blog post is correct, but whether the article can help you understand PKI technology, cryptographic and zero trust. I have 30 years of experience in the IT industry, including CA, cryptography, software development, Internet, Internet security etc. Over the years, I have participated in many important domestic and international academic conferences, to understand the differences between Chinese and Western cultures and the latest technological frontiers. And has published many academic articles in newspapers and periodicals. In company operation, the two companies I founded have been acquired by a public listed Internet security company, and one of them is a CA that had won the sixth place in the world in the SSL certificate market and the first in the Chinese market.
I firmly believe that my article will bring value to readers both academically and company operation. thanks.
Welcome to follow the official WeChat of ZoTrus: zotrus, which will push each new blog in real time, so that you will not miss every wonderful blog post.