CraginS
Defender I

Mis-Used Term on (ISC)2 Site - "Digital Certificate"

This note is a request for the (ISC)2 staff to correct an error on the main isc2.org Members Only drop-down from the home page.

 

Under the first column is the term Digital Certificates. Clicking on that term leads to a file download window, allowing download of a PDF file of the member's (ISC)2 Certification certificate.

Please change that phrase to Download Your Certificate as PDF.

 

Within the infosec community the term digital certificate has a very specific technical meaning with regard to the world of Public Key Infrastructure (PKI), asymmetric encryption, server certificates for Transport Layer Security (TLS), and digital signatures (not to be confused with electronic signatures). A major portion of our (ISC)2 membership deals directly with those PKI issues regularly, and has locked in on the technical definition. As a result, most of us see that item and think that (ISC)2 is running a Certification Authority (CA) server, and can issue PKI certificates to members, suitable for digitally signing and encrypting e-mail and other documents. Obviously, not so.

 

Since the term is used on a part of the (ISC)2 site accessible only to registered site users, that is members and certification aspirants, we should be using the correct terminology there, and not misleading members expecting a true PKI-based digital certificate.

 

Thank you.

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
26 Replies
Flyslinger2
Community Champion

Which brings up an interesting concept. If ISC2 had their own trusted CA and issued digital certs to its members, those certs could be encoded on smart cards like YubiKey. We could then use our digital representation as the verification that we reviewed content and endorsed it.

 

Bam!

Early_Adopter
Community Champion

@Flyslinger2 While an interesting hobby, Trusted CAs are really quite hard work, and imagine the fallout from a DigiNotaring of ISC2 when someone gets drunk during a key ceremony? Infamy, infamy, they’ve all got it in for me.

 

It could even be ‘Certificate in a Digital Format’ if it didn’t need to be wedded to PDF.

Flyslinger2
Community Champion

@Early_Adopter With AWS and SafeNet's HSMs in the cloud, "CAaaS" is normal. But I'm all in if it is a bourbon party.

Early_Adopter
Community Champion

Tempting... but never mind Gemalto and Amazon, Thales* can build us good honest on-prem HSMs inside an aircraft carrier!

We could crew it, fuel it, generate roots, sign the intermediates, take the roots offline and then sail past the Spratlys just when we needed a trade deal the most.

*I firmly believe that this is pronounced ‘Thails’ despite what the French say...

Flyslinger2
Community Champion

I've been on sea trials with tech my company made for the Navy years ago. Loved it, especially night flight OPS.

A floating CA makes me tingly.

amandavanceISC2
Moderator

@CraginS Thank you for your suggestion! I will bring this to management for review to see if we can update the wording.

 

I appreciate you providing this suggestion!

 

Best Regards,

Amanda Vance

Early_Adopter
Community Champion

The HMS/USS/SS Let’s Encrypt, circumnavigating the globe fulfilling CSRs via satellite (maybe the backup on the ISS?)

In periods of radio silence mini-tender drone subs could provide an asynchronous best effort service?

Calv1n
Newcomer I

Good point, while it meant the digital version of course credentials, most security folks would think first of the PKI cryptography kind.  Perhaps "e-Certificate" would project the right meaning.

crystal_waston
Newcomer II

A digital badge is a simple way for you to share a credential online. You can attach your badge to a website, email signature, or social network, and with one simple click, employers and other interested parties can easily view and verify your credential and the skills and experience required to earn it.