Key management

Management of cryptographic keys


2025
Key Management Interoperability Protocol
Release of KMIP version 3.0, introducing an explicit concept of KMIP users as System Objects, improving object lifecycle and referencing, formalizing object groups and hierarchies, and adding an Obliterate administrative operation.
2025
Key Management Interoperability Protocol
KMIP interoperability demonstration focused on testing Post Quantum Cryptography (PQC) algorithms in anticipation of advancing quantum computer capabilities.
January 2023
CA/Browser Forum adopted version 1.0 of the 'Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates', defining four types of S/MIME certificate standards: Mailbox-validated, Organization-validated, Sponsor-validated, and Individual-validated.
2021
Key server
The public SKS keyserver pool was shut down due to difficulties processing GDPR (General Data Protection Regulation) requirements, marking the end of the primary OpenPGP keyserver network.
2021
Key server
The public SKS keyserver pool, originally developed by Yaron Minsky, is shut down due to challenges processing GDPR requirements effectively.
2021
Key Management Interoperability Protocol
KMIP version 3.0 released, introducing an explicit concept of KMIP users as System Objects, improving object lifecycle references, formalizing object groups and hierarchies, and adding an Obliterate administrative operation.
2021
Qualified website authentication certificate
European Union proposes updates to eIDAS (electronic Identification, Authentication and Trust Services) regulation, requiring web browsers to incorporate government-specified 'Trusted Service Providers' and accept Qualified Website Authentication Certificates (QWACs).
2020
Certificate authority
According to Netcraft, DigiCert was identified as the world's largest high-assurance certificate authority, commanding 60% of the Extended Validation Certificate market and 96% of organization-validated certificates globally.
September 2020
CA/Browser Forum adopted version 2.0 of the 'Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates'.
August 2020
S/MIME Certificate Working Group was chartered to create baseline requirements for CAs issuing S/MIME certificates used for email signing, verification, encryption, and decryption.
March 2020
Extended Validation Certificate
CA/B Forum implemented a new limitation on domain validation and organization data reuse, restricting maximum validity to 397 days (not to exceed 398 days).
2019
Public key certificate
Major browsers like Chrome and Firefox discontinued visual indicators for Extended Validation (EV) certificates, removing the previously used green color and legal name display due to security concerns and potential impersonation vulnerabilities.
2019
Key Management Interoperability Protocol
Release of KMIP version 2.1, adding capabilities for ping, asynchronous request processing, standardizing server-side key rotation, and introducing attribute constraint mechanisms.
2019
Key server
The public SKS (Synchronizing Key Server) keyserver pool experiences a significant spamming attack, marking a turning point for OpenPGP key server infrastructure.
2019
Key Management Interoperability Protocol
KMIP version 2.1 released, adding Ping functionality, standardizing server-side key rotation, and introducing capabilities to set and query attribute defaults and constraints.
2019
Extended Validation Certificate
Chrome 77 removed the EV certificate indication from the omnibox, shifting EV certificate status viewing to a detailed lock icon view.
2018
Key Management Interoperability Protocol
KMIP version 2.0 released, removing deprecated items, improving attribute representation, introducing client log operations, enhancing error handling, and adding support for tokenization, CSR objects, and multiple new attributes and query extensions.
2018
Qualified website authentication certificate
The European Union approached the CA/Browser Forum (CABF) requesting to partner on updating existing Extended Validation (EV) certificate requirements to include additional Subject information.
2018
Qualified website authentication certificate
Google began the process of deprecating EV certificate visual indicators in web browsers, discouraging the EU from continuing to use EV certificates.
September 2018
Extended Validation Certificate
Apple Safari on iOS 12 and macOS Mojave removed the visual distinction of EV certificate status.
August 2018
Forward secrecy
TLS 1.3 was published, dropping support for ciphers without forward secrecy. Wikimedia Foundation began requiring the use of forward secrecy.
May 2018
Extended Validation Certificate
Google announced plans to redesign user interfaces of Google Chrome, removing emphasis for Extended Validation (EV) certificates.
January 1 2017
Forward secrecy
App Transport Security (ATS) became mandatory for iOS apps, enforcing the use of HTTPS transmission with forward secrecy.
2016
Key Management Interoperability Protocol
Release of KMIP version 1.4, enhancing asynchronous operations, key import/export, supporting PKCS #12, and adding numerous cryptographic and operational extensions.
2016
Key Management Interoperability Protocol
KMIP version 1.4 released, enhancing asynchronous operations, key import/export, adding support for PKCS #12, standardizing key wrapping, and introducing multiple cryptographic and attribute-related extensions.
June 2016
Forward secrecy
At WWDC, Apple announced App Transport Security (ATS), which requires encryption ciphers providing forward secrecy for iOS apps.
2015
Key Management Interoperability Protocol
KMIP version 1.3 released, featuring Streaming Cryptographic Operations, Client Registration, Locate offset/Limit, Template Deprecation, RNG queries, and other improvements.
May 2015
Certificate authority
Netcraft reported that three certificate authorities (Symantec, Comodo, GoDaddy) account for three-quarters of all issued TLS certificates on public-facing web servers, with Symantec holding the top spot.
2014
Key Management Interoperability Protocol
Started tracking normalized test cases and profile tests for KMIP interop participants with multiple years of participation.
November 18 2014
Certificate authority
A group of companies and nonprofit organizations, including the Electronic Frontier Foundation, Mozilla, Cisco, and Akamai, announced Let's Encrypt, a nonprofit certificate authority that provides free domain validated X.509 certificates.
July 2014
Forward secrecy
Wikimedia Foundation wikis began providing forward secrecy to users.
June 2014
Key Management Interoperability Protocol
KMIP version 1.2 released, adding Cryptographic Operations (Encrypt, Decrypt, Sign) and introducing Profiles, including Application Identifiers for tape libraries.
November 2013
Forward secrecy
Twitter implemented forward secrecy with TLS for its users.
February 2013
Certificate Authority Security Council (CASC) was formed to promote CA/Browser Forum standards, with founding members including Comodo CA, Symantec, Trend Micro, DigiCert, Entrust, GlobalSign, and GoDaddy.
January 2013
CA/Browser Forum's first 'Network and Certificate System Security Requirements' took effect, defining best practices for protecting CA networks and supporting systems.
January 2013
Key Management Interoperability Protocol
KMIP version 1.1 released, introducing minor updates to the protocol.
August 2012
Texas Instruments signing key controversy
The RSA Lattice Siever (RSALS) distributed computing project, which had been active for nearly three years and factored over 400 integers, transitioned to RSALS-inspired NFS@home.
2011
Key server
PGP Corporation launches the PGP Global Directory, allowing PGP keys to be published and downloaded using HTTPS or LDAP, replacing PGP Keyserver 7.
November 2011
Forward secrecy
Google began providing forward secrecy with TLS by default for Gmail, Google Docs, and encrypted search services.
November 2011
CA/Browser Forum adopted version 1.0 of the 'Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates' to provide minimum security standards for SSL/TLS certificates.
2010
Key Management Interoperability Protocol
First KMIP interoperability demonstration (interop) was held, establishing an annual tradition of testing KMIP implementations between vendors.
October 2010
Key Management Interoperability Protocol
KMIP (Key Management Interoperability Protocol) version 1.0 released as the initial version of the protocol for cryptographic key manipulation.

The contents of the box above are based on material from the Wikipedia articles CA/Browser Forum, Key Management Interoperability Protocol, Public key certificate, Qualified website authentication certificate, Certificate authority, Key server (cryptographic), Texas Instruments signing key controversy, Extended Validation Certificate & Forward secrecy, which are released under the Creative Commons Attribution-ShareAlike 4.0 International License.

See Also