PKI Blog

Ted Shorter
Ted Shorter is the Chief Technology Officer at CSS. Responsible for CSS’ Intellectual Property development efforts, he helps align CSS’ security focus with the changing security landscape.

Recent Posts

IoT Security Regulation: Coming Soon?

Posted by Ted Shorter on Aug 7, 2017 3:34:16 PM

Last week, a bipartisan group from the US Senate Cybersecurity Caucus proposed a new piece of legislation called the “Internet of Things Cybersecurity Improvement Act of 2017.”  While the bill has yet to be ratified, it places more intense focus on securing the billions of devices that will be given network and internet connectivity over the next few years. 

Topics: Internet of Things, Internet of Things (IoT), IoT Security, IoT legislation

How Will Blockchain Impact PKI?

Posted by Ted Shorter on May 18, 2017 8:49:05 AM

As CTO at Certified Security Solutions, I’ve been asked the question more and more lately: “How will Blockchain impact PKI?”

There’s so much mysticism around Blockchain technology today that it can become difficult to separate the reality from the hype, and the logical conclusions from wild speculation.  Nonetheless, digital certificates, and other identity-related technologies such as Public Key Infrastructure (PKI), Federation and OAuth are a core component of many systems today, so it’s logical to examine how a disruptive technology such as Blockchain will affect these technologies.

Topics: blockchain help, blockchain security, blockchain, blockchain pki, what is blockchain, public key infrastructure blockchain

SCEP Shortcomings

Posted by Ted Shorter on Mar 27, 2017 4:17:51 PM

Despite the documented shortcomings of the Simple Certificate Enrollment Protocol (SCEP), it is still in widespread use today. This is in large part due to the lack of better options when it comes to certificate enrollment – especially when it comes to more limited devices such as mobile phones, tablets, and constrained Internet-of-Things (IoT) devices such as embedded systems, sensors, automotive components, or medical devices. The simplicity of SCEP makes it an attractive choice for implementers that are bent on meeting tight timelines, but this simplicity can come at a cost.

Topics: SCEP, Simple Certificate Enrollment Protocol

Blockchain Demystified

Posted by Ted Shorter on Oct 28, 2016 8:56:44 AM

Blockchain Unblocked - What it is and what it is not

Blockchain technology has become a topic of major discussion in the past year or two.  There’s no question that the technology holds significant promise for the future… and it’s not just startups that think so:  IBM, Microsoft, Cisco, SAP, and many other major companies are investing billions of dollars in blockchain research.

Topics: blockchain help, blockchain security, blockchain, blockchain pki, what is blockchain

GlobalSign Certificate Conundrum – Why Doing PKI Right is Hard

Posted by Ted Shorter on Oct 14, 2016 12:39:36 PM

Yesterday (October 13, 2016), certain segments of the Public Key Infrastructure (PKI) world were spun into a frenzy when a GlobalSign CA certificate appeared to have been revoked. Clearly, revoking a CA certificate is a significant event, as all certs that chain through that CA effectively become invalid.

Topics: Public Key Infrastructure, PKI, GlobalSign, HTTPS, PKI GlobalSign

SAP's "The importance of client certificates in IoT"

Posted by Ted Shorter on Jun 9, 2016 1:56:24 PM

Jay Thoden van Velzen from SAP recently published a very interesting blog describing the use of certificate metadata as a mechanism to enhance IoT authentication.  We wholeheartedly agree with the approach.  CSS’ VerdeTTo solution is based on a similar concept, and allows us to leverage the massive scalability and certificate metadata capabilities of our CMS PKI operations management platform to transform certificates and metadata into device identities, attributes, and authenticators.

Topics: IoT, Internet of Things (IoT), SAP

Authentication in an Ultra-Connected World: Internet of Things

Posted by Ted Shorter on Oct 1, 2015 6:05:00 AM

As PKI practitioners, we’ve been asked the question for years: “What’s the best way to get a digital certificate on _____?” What gets filled into the blank has expanded dramatically over time, however. Ten years ago, certificates landed primarily on what I’d describe as “traditional” IT infrastructure – servers, desktops, laptops, smart cards, RADIUS servers, or VPN concentrators. But since then, things have gotten much more interesting. Handheld scanners. Surgical robots. VOIP phones. Set-top boxes. Cable modems. Even heart monitors and IV pumps.

Topics: install certificates onto devices, digital certificates, cert, embedded systems, certificate, Microsoft Security Partner, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, Microsoft Public Key Infrastructure, Cisco Internet of Things, embedded certificates, embedded devices, Microsoft PKI, X.509 digital certificates, Internet of Things, IoT, Blog, Internet of Things (IoT), certificate install, BYOD, PKI Assurance

Superfish: SSL Man in the Middle Attack

Posted by Ted Shorter on Feb 21, 2015 9:23:00 AM

Topics: SSL vulnerability, PKI, Man in the Middle Attack, Superfish, Lenovo

Five Common “DIY PKI” Mistakes to Avoid

Posted by Ted Shorter on Apr 4, 2014 3:20:46 AM

In the 12+ years that CSS has been helping organizations deploy Public Key Infrastructures, we frequently run into situations where PKI components are already present in the environment. Often it’s an older PKI that someone new to the organization has inherited and wants help evaluating; sometimes it’s a “temporary” deployment that an organization is looking to improve upon. In others, it may simply be a PKI design that a customer wants us to review and provide feedback before deployment. In any case, these “Do-It-Yourself” installations, like any PKI, can create problems, headaches, and occasionally even more serious issues if mistakes are made during the design, deployment, or operation of the PKI. And while it’s often quite easy to deploy PKI components, PKI does tend to be one of those technologies where you have exactly one chance to get it right: at install time. After that, many parameters are more or less set in stone, and a re-deployment becomes the only way to fix a mistake.

With that in mind, this is in no way an all-inclusive list, but here are five of the most common mistakes we see when encountering “DIY” PKI:

Topics: digital certificate, microsoft ca, IT Security, Microsoft Security Partner, PKI error, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Azure PKI, PKI, PKI as a Service (PKIaaS), CA, PKI deployment, PKI mistakes, Blog, PKI CA, DIY PKI, PKI installation

Apple’s SSL Bug: Another Man-in-the-Middle Attack

Posted by Ted Shorter on Feb 22, 2014 6:38:25 PM

The Problem

Topics: digital certificate, Apple’s SSL Flaw, Apple flaw, iOS 7, IT Security, Microsoft Security Partner, apple MITM attack, apple security flaw, on device key generation, Industry Trends, SSL attack, Man in the Middle Attack, ODKG, Blog, Mac SSL, Apple SSL, client-side SSL certificates, MITM, apple ssl attack, iOS 7 SSL
