Web PKI: How to protect a popular security service?
Guest Post: Lessons learned from a study on the interrelation of CAA, CT, and DANE in web PKI deployments.
Tag: HTTPS
Use of HTTPS resource records
Guest Post: Measuring HTTPS resource record adoption in the wild.
The HTTPS record passes a key milestone
Guest Post: Recently approved HTTPS and SVCB record types aim to change a long-standing paradigm.
Investigating hidden root certificates in the wild
Guest Post: Study identifies more than 1 million hidden root certificates operated by 5,000 organizations, including government/enterprise agencies and TLS-interception software.
HTTPA seeks to improve HTTPS trust issues
Guest Post: It’s time to upgrade HTTPS to better handle privacy concerns.
Three of the best: How to
‘How to’ posts are a great way to learn how to use a new tool, troubleshoot problems, or perform advanced tasks. Here are three of 2021’s best.
Decrypting TLS traffic with PolarProxy
Guest Post: A free (even for commercial use), generic, TLS decryption proxy for protocols using TLS encryption.
An analysis of a large-scale HTTPS interception
Guest Post: An investigation into an HTTPS interception attack using a custom root CA.
Strict Transport Security vs. HTTPS Resource Records: the showdown
Guest Post: HTTPS RRs and STS look similar but there are subtle differences in the threat models and deployment tradeoffs of each.
How far are we from a web with HTTPS everywhere
Guest Post: Website admins have a role to play to make sure HTTPS is deployed everywhere across the web.