" certificate Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘certificate’

Why Choose OV TLS Certificates? The dilemma of the middle child

Wednesday, August 9th, 2017

Choosing amongst the different certificate types

Imagine three brothers. The youngest is nimble, outgoing, and popular. He’s also growing very rapidly and will soon be the tallest in the family. The oldest is steady, thoughtful, and circumspect. He’s a high achiever, in a job with lots of responsibilities and makes loads of money. But what about the middle sibling? The classic middle child syndrome would have him struggling to find his niche between these two exemplars.

It’s much the same (as far as analogies go) with the three types of SSL/TLS certificates – Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV) – available for use in the internet security ecosystem.

TLS Certificate Validity

First, just like siblings, all three share the same genes. That is, from a cryptographic point of view, all three certificates provide exactly the same level of confidentiality and integrity protection of the communications channel by using standard security technologies (private/public keys, cipher suites, encryption algorithms, etc.) in exactly the same way using SSL/TLS. The difference, as with siblings, is how they interact with their environment and take advantage of the opportunities presented to create and project their public persona. The choice of a certificate type for a website aims at projecting a particular image of its trustworthiness and dependability.  Is the site trustworthy enough to interact with for the purposes the end user has in mind?     

Read the rest of this post »

New SSL Certificates, SHA256, and Backwards Incompatibility: What to Do?

Wednesday, October 22nd, 2014

Thanks to Google,” web sites around the world are updating their SSL certificates to use a newer “hashing” algorithm called “SHA256”.  Indeed, all new SSL certificates that LuxSci obtains for its customers will use SHA256, going forward (unless you don’t want that).

Read on to discover why this change is happening, what it means, why everyone is upset with Google for forcing the issue, and what your options are.

What’s the problem?

SHA1 is a method for making digital signatures and is used in the SSL certificates by most sites on the web.  There is currently no security issue with SHA1 and computer power is not expected to be sufficient to “crack” SHA1 until sometime in the 2020s.  In fact, Microsoft has stated, and the Internet community has agreed back in 2013, that it should be phased out by 2017 … well before the danger zone and giving folks plenty of time to transition.

Note: There is currently no known issue with SHA1 or any expectation that it is vulnerable or can be compromised now.

Read the rest of this post »

Secure: Does LuxSci Hold the Keys to Unlock your Secure Email Data?

Wednesday, December 18th, 2013

For many different reasons, customers have asked us if we hold the keys to unlocking their email data. Why?

  1. Compliance / Emergencies: Customers with compliance needs, such as HIPAA, need to have emergency access to data … and that can mean appealing to LuxSci to access data to which the customer has otherwise lost access.  Having the keys in this case, is very important.
  2. Privacy: On the other end of the spectrum, some customers want to do as much as possible to ensure that no one, not even LuxSci staff, can access their email data.

Both considerations are extremely valid in their own context.  The answer is that “it depends”.  For security and flexibility, LuxSci presents customers a variety of email encryption options that span the complete range from “completely unencrypted” to “LuxSci has no possible access“.  It is up to the customer to choose where in that spectrum they fall … often balancing ease of use with security needs.

In the following sections, we will consider to what degree LuxSci can assist customers in accessing email (and WebAides) data, based on what encryption options the customer has chosen.  We also discuss where and how your trust of LuxSci comes into play. Understanding if and when LuxSci can access encrypted data is different from understanding when messages are encrypted at rest

Read the rest of this post »

Encrypting Sent Email — An Often Overlooked Part of End-to-End Encryption

Wednesday, September 26th, 2012

You are proactive and security conscious.  You use end-to-end encryption software, like PGP or S/MIME or LuxSci SecureLine, to send your sensitive messages to their destinations, ensuring that the message content is encrypted the entire way … because otherwise, email is just plain insecure.

Oh – but what about the copies of these messages saved to your “Sent Email” folders?  Are they encrypted or secure?  Should they be?

Read the rest of this post »

How to Install S/MIME (and PGP) Encryption Certificates into Major Email Clients

Wednesday, May 27th, 2009

We at LuxSci are always being asked questions about various email programs and their usage.  With HIPAA compliance becoming more and more important, we get a lot of inquiries regarding secure email. One of the most frequently asked questions is how to install S/MIME security certificates in various email programs that our servers support. Sometimes finding instructions on installing security certificates in various email clients is difficult, even with the help of search engines. To make your search easier, we have complied instructions for several of the the major email clients:

  • S/MIME for Outlook 2003
  • S/MIME for Outlook 2007
  • S/MIME for Mail.app
  • S/MIME for Entourage
  • S/MIME for Thunderbird
  • PGP for Thunderbird via the Enigmail Add-on.

Read the rest of this post »

LUXSCI