Certificate Transparency

PCI DSS 4.0; Certificate Transparency Monitoring is mandatory!

I've previously covered two of the major new requirements coming in PCI DSS 4.0, and now it's time to take a look at another one!...

Cryptographic Agility Part 1: Server Certificates

Free Post

TLS

Cryptographic Agility Part 1: Server Certificates

We've encountered a lot of problems of our own making in the TLS/PKI ecosystem in recent years, and whilst we've got better at dealing with...

Free Post

CRLite

CRLite: Finally a fix for broken revocation?

I've talked a lot about revocation in recent years and the issues with the current methods for checking the revocation status of a certificate are well understood and...

Announcing CT Monitoring for Report URI!

Free Post

Certificate Transparency

Announcing CT Monitoring for Report URI!

I've spoken a lot about Certificate Transparency on my blog recently and how powerful it is for site operators to be able to keep track of certificates issued...

Free Post

Certificate Authorities

Fishing for certs

I recently saw a tweet that got me thinking, then it got me reading, then it kept me busy for about an hour. In that short space of time I...

Free Post

CT

Finding phishing sites with CT

I've spoken a couple of time recently about CT and it really is an awesome thing to have. We can now add one more wicked feature to our...

Free Post

Expect-CT

CT is coming, are you ready?

We're living in a pretty awesome time right now as we observe significant advances being made in the TLS/PKI ecosystem all around us. One of those advances...

Do SSL warranties protect you? As much as rocks keep tigers away...

Free Post

HTTPS

Do SSL warranties protect you? As much as rocks keep tigers away...

This post is the first of two that I will be publishing over the coming days to address a few concerns that seem to be rising in the wider community....

Free Post

Certificate Transparency

A new security header: Expect-CT

With the October 2017 deadline approaching for compliance with Chrome's Certificate Transparency policy, sites can use the new Expect-CT header to determine if they're ready. It&...

Free Post

Certificate Transparency