What’s going on with certificate revocation?
Does X.509 certificate revocation work as intended, or even work at all?
Tag: TLS
Identifying unexpected Internet services
Guest Post: Study finds that TCP SYN-ACK is not an accurate indicator of service presence because of middlebox responses.
Seven years in the life of Hypergiants’ off-nets
Guest Post: Google, Facebook and Netflix have invested heavily in deploying servers deep inside other networks over the past seven years.
Vulnerabilities show why STARTTLS should be avoided if possible
Guest Post: Study finds more than 40 STARTTLS-related security flaws in many different software products, both client-side and server-side.
ALPACA attack: Analysing and mitigating cracks in TLS authentication
Guest Post: Study shows adding a TLS-protected email or FTP server to a network can enable cookie-stealing or cross-site scripting attacks against web servers in the same network.
TLS with DANE
RFC 9102: Trust versus credulity.
Decrypting TLS traffic with PolarProxy
Guest Post: A free (even for commercial use), generic, TLS decryption proxy for protocols using TLS encryption.
Introducing TCPLS: A game of transport protocols
Guest Post: QUIC combines features of TCP and TLS to speed up web object transfers, but it has its flaws. What if there was another way to combine TCP and TLS?
Measuring DNS over TLS from the edge
Guest Post: Measuring DoT from the end user, using 3200 RIPE Atlas home probes deployed at the edge, in more than 125 economies.
How To: Run Krill behind an NGINX reverse proxy
Guest Post: Krill has a built-in HTTPS server but you can also run a production grade webserver as a reverse proxy for easy TLS configuration and additional restrictions.