Certificate lifetimes are getting shorter, and that’s a good thing!
Digicert now issues 47-day certificates, while Let’s Encrypt has dropped to just six. What’s behind the shift?
Tag: certificate
Certifiably vulnerable: Using Certificate Transparency logs for target reconnaissance
Guest Post: Large-scale measurement study identifies potential threats of Certificate Transparency logs.
Whose certificate is it anyway?
Guest Post: How Certification Authority Authorization is used globally.
Reflections on certificates, Part 2
Guest Post: A brief guide to certificate best practices.
Reflections on certificates, Part 1
Guest Post: Understanding the complexity, trust relationships, and tradeoffs of certificates can lead to better decision-making and more efficient operations.
What if Certificate Transparency carried the same burdens as OCSP and CRLs?
What will happen if the load on CT logs grows?
How to: Run delegated RPKI in Krill
Guest Post: If you’re a member of more than one RIR and manage IP address space and routes across them, delegated RPKI will allow you to use manage ROAs seamlessly and transparently.
The wrong certificate: Apache, Let’s Encrypt and OpenSSL
Geoff Huston shares some PKI config issues experienced when migrating labs.apnic.net to a new platform.
Revocation: is there a better way to secure certificates?
Learn how browsers are being made aware of revoked certificates and the the challenges associated with this security measure.
Is the web ready for OCSP Must-Staple?
Guest Post: What do clients and web servers need to do to support OSCP Must-Staple?