Skip to main content
banner image
venafi logo

The London Protocol Aims to Expose the Misuse of Machine Identities in Phishing Attacks

The London Protocol Aims to Expose the Misuse of Machine Identities in Phishing Attacks

london protocol exposes phishing websites
July 3, 2018 | David Bisson

An advocacy group has announced the creation of a new protocol for the purpose of minimizing phishing activity on “identity websites.”

On 27 June, the Certificate Authority Security Council (CASC) unveiled the launch of the London Protocol at a CA/Browser forum event in London. The standard will help further differentiate websites encrypted with organization validated (OV) and extended validation (EV) certificates from websites protected by domain validated (DV) certificates. EV and OV certificates are collectively known as identity certificates because both of these types of machine identities contain organization identity information.

As of this writing, five public certificate authorities (CAs) have agreed to uphold the London Protocol and begin implementing its procedures. These entities are as follows: Comodo CA, Entrust Datacard, GlobalSign, GoDaddy and Trustwave.

Christian Simko, vice president of marketing for the Americas and EMEA at GlobalSign, said the London Protocol is all about maintaining authenticated websites’ integrity while minimizing anonymity online. As quoted in a press release:

"While there is no arguing that the advent of the encrypted internet is a move in the positive direction, it has unfortunately created user confusion and fostered an increased threat of phishing attacks with more websites being ‘secured’ with anonymous DV certificates."

The five participating CAs agreed to voluntarily band together under the London Protocol to contribute to a common database designed to reduce future phishing content on the web. Upon the database’s completion, other CAs can get guidance before issuing new OV and EV certificates. Additionally, the CAs will actively monitor phishing reports for websites encrypted with their OV and EV certificates and work with website owners if phishers hijack their sites.

According to a document published by the CASC in early June, the London Protocol’s implementation will proceed in four phases. GlobalSign and the others have already begun the first phase, which involves announcing the Protocol, researching its implementation and beginning to enact its basic procedures. Phase Two will begin in September 2018 when participating CAs start to apply the Protocol to their customers’ identity websites. December will mark the beginning of Phase Three when the participating CAs will develop policies and procedures for universal implementation of the Protocol across all CAs. This all culminates with Phase Four in March 2019 when the founding participants are slated to share their findings and recommend possible changes to the Baseline Requirements of the CA/Browser forum.

As the London Protocol gathers steam, organizations should take steps of their own to prevent phishers from misusing their OV and EV web certificates. A crucial part of this process involves gaining complete visibility into their machine identities. Learn how Venafi can help.

Related posts

Like this blog? We think you will love this.
Featured Blog

What Is Encryption Key Management?

Why Is Key Manag

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

David Bisson
David Bisson

David is a Contributing Editor at IBM Security Intelligence.David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more