Free Post TLS Are shorter certificates finally coming?! Regular readers will know my views on the validity period of TLS certificates, and how they definitely need to be made shorter than they currently are! We made some good...
Free Post QWAC What the QWAC?! Almost 2 years on from the last time I wrote about QWACs, I'm sadly not here to tell you that things have gone well since then. In fact,...
Free Post TLS Cryptographic Agility Part 1: Server Certificates We've encountered a lot of problems of our own making in the TLS/PKI ecosystem in recent years, and whilst we've got better at dealing with...
Free Post EV If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate For a little while now I've been following a new type of certificate that you may soon be hearing a lot more about. They're called a...
Free Post Crawler Report Top 1 Million Analysis - November 2021 Wow! It's been quite a while since I've had time to do my regular analysis of security in the Top 1 Million site, but it'...
Free Post legacy tls Legacy TLS is on the way out: Start deprecating TLSv1.0 and TLSv1.1 now With TLS having taken some great steps forwards in recent years, with TLSv1.2 in 2008 and TLSv1.3 in 2018, it's time to start dropping support for...
Free Post crawl Top 1 Million Analysis - September 2019 Yes, it's that time of year again and the last 6+ months have flown by. Time for a look at the state of security in the Top 1...
Free Post Cloudflare Workers Deprecating TLSv1.0 and TLSv1.1 gracefully with Cloudflare Workers A lot has changed in the TLS ecosystem in just the last few years and and a huge drive towards deploying TLS has seen a surge in the adoption of...
Free Post HTTPS HTTPS Anti-Vaxxers; dispelling common arguments against securing the web The web is moving to HTTPS, it has been for many years. We've seen an acceleration in the progress in recent months but we still have a long...
Free Post HTTPS Debunking the fallacy that paid certificates are better than free certificates, and other related nonsense Those that know me or have followed me online will know I'm a massive advocate of encryption on the web. One of my goals is to help encrypt...
Follow