What if Certificate Transparency carried the same burdens as OCSP and CRLs?
What will happen if the load on CT logs grows?
Tag: certificate
How to: Run delegated RPKI in Krill
Guest Post: If you’re a member of more than one RIR and manage IP address space and routes across them, delegated RPKI will allow you to use manage ROAs seamlessly and transparently.
The wrong certificate: Apache, Let’s Encrypt and OpenSSL
Geoff Huston shares some PKI config issues experienced when migrating labs.apnic.net to a new platform.
Revocation: is there a better way to secure certificates?
Learn how browsers are being made aware of revoked certificates and the the challenges associated with this security measure.
Is the web ready for OCSP Must-Staple?
Guest Post: What do clients and web servers need to do to support OSCP Must-Staple?
Incorporating OCSP Must-Staple into certificates
Guest Post: What is the current reliability and accuracy of CA responders, and what do they need to do in order for OCSP Must-Staple to be deployed successfully?
Overcoming the limitations of OCSP
Guest Post: Online Certificate Status Protocol (OCSP) is one of the primary protocols browsers use to communicate with Certificate Authorities to obtain revocation attestations.
Analyzing the certificate ecosystem using CT logs
Guest Post: Study scans 600 million certificates from 30 CT logs to analyze the application of best security practices.
Mission accomplished? HTTPS security after DigiNotar
Guest Post: What are the most widely used HTTPS security extensions and how are they improving HTTPS security for users?
Certificate Transparency to the rescue
Guest Post: What is Certificate Transparency, and why is it becoming an ever-important security feature?