Free Post Certificate Authorities Ballot SC22: Reduce Certificate Lifetimes We've made some great progress in the TLS and PKI ecosystem in recent years, driven largely by the actions of browser vendors. We could have just taken another...
Free Post Certificate Transparency Announcing CT Monitoring for Report URI! I've spoken a lot about Certificate Transparency on my blog recently and how powerful it is for site operators to be able to keep track of certificates issued...
Free Post CSRF CSRF is (really) dead A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will...
Free Post EV Gone forEVer! Regular readers will know my view on EV certificates but in the last week there have been 2 very significant announcements from the 2 largest browser vendors in the world....
Free Post Report URI Thinking more about bots and whether we do enough I've worked at some great companies during my career and worked alongside some great people too. Many of those I still keep in contact with and recently I...
Free Post Security Headers Security Headers Updates I've just deployed a few changes to Security Headers to bring it up to date with recent changes in the industry. Here are the details and how they...
Free Post Report URI Maintaining state in a Cloudflare Worker It's no secret that we use Cloudflare Workers extensively at Report URI and once you're using a Worker, you can keep adding more functionality to it....
Free Post Hack Yourself First The Hack Yourself First UK Tour now has Hotel Packages Ticket sales are still open for the Hack Yourself First UK Tour and to make it even easier to attend, we're now offering Hotel Packages! -------------------------------------------------------------------------------- The HYF...
Free Post Cloudflare Workers Deprecating TLSv1.0 and TLSv1.1 gracefully with Cloudflare Workers A lot has changed in the TLS ecosystem in just the last few years and and a huge drive towards deploying TLS has seen a surge in the adoption of...
Free Post Let's Encrypt Let's Encrypt to transition to ISRG root Let's Encrypt have announced that on July 8th, 2019 they will begin issuing new certificates from their own intermediate CA and not their current cross-signed intermediate. Here'...