Revocation of X.509 certificates
‘Revocation is broken’ is a catchphrase in the world of certificates and Certificate Authorities. Certification infrastructure may not have been designed for the Internet of today.
Tag: certificate
Ten years of Let’s Encrypt
A review of Christophe Brocas’ history of Let’s Encrypt, published on his website.
How Let’s Encrypt reduced the impact of zombie clients
Guest Post: A new rate limit has significantly reduced the load on Let’s Encrypt’s infrastructure.
Certificate lifetimes are getting shorter, and that’s a good thing!
Digicert now issues 47-day certificates, while Let’s Encrypt has dropped to just six. What’s behind the shift?
Certifiably vulnerable: Using Certificate Transparency logs for target reconnaissance
Guest Post: Large-scale measurement study identifies potential threats of Certificate Transparency logs.
Whose certificate is it anyway?
Guest Post: How Certification Authority Authorization is used globally.
Reflections on certificates, Part 2
Guest Post: A brief guide to certificate best practices.
Reflections on certificates, Part 1
Guest Post: Understanding the complexity, trust relationships, and tradeoffs of certificates can lead to better decision-making and more efficient operations.
What if Certificate Transparency carried the same burdens as OCSP and CRLs?
What will happen if the load on CT logs grows?
How to: Run delegated RPKI in Krill
Guest Post: If you’re a member of more than one RIR and manage IP address space and routes across them, delegated RPKI will allow you to use manage ROAs seamlessly and transparently.