I’ve been running this blog on an LTS version of Ubuntu that has recently exited Long Term Support,
so while migrating data I’m also reworking parts of this blog, including a long-anticipated move
from tacticalsecret.com (what a … term) to the timeless
CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally this new technology eliminates the privacy leak that individual queries can bring, and does so for the whole Web, not just special parts of it.
CRLite is a technology to efficiently compress revocation information for the whole Web PKI into a format easily delivered to Web users. It addresses the performance and privacy pitfalls of the Online Certificate Status Protocol (OCSP) while avoiding a need for some administrative decisions on the relative value of one... [read more]
CRLite is a technology proposed by a group of researchers at the IEEE Symposium on Security and Privacy 2017 that compresses revocation information so effectively that 300 megabytes of revocation data can become 1 megabyte.
Firefox for Android (Fennec) now supports the Web Authentication API as of version 68. WebAuthn blends public-key cryptography into web application logins, and is our best technical response to credential phishing. Applications leveraging WebAuthn gain new second factor and “passwordless” biometric authentication capabilities. Now, Firefox for Android... [read more]
I gave a lightning talk at our Mozilla All-Hands meeting about CRLite, a new technology for delivering revocations for the Web PKI to all clients in a very compressed form.
At Mozilla’s Austin All-Hands I gave a lightning talk about Web Authentication, which is our best technical solution to the scourge of phishing today.
Certificate Revocation Lists (CRLs) are a way for Certificate Authorities to announce to their relying parties (e.g., users validating the certificates) that a Certificate they issued should no longer be trusted. E.g., was revoked.
We’re changing the methodology used to calculate the Let’s Encrypt Statistics page, primarily to better cope with the growth of Let’s Encrypt. Over the past several months it’s become clear that the existing methodology is less accurate than we had expected, over-counting the number of websites using Let’s... [read more]