Published 2017-08-18
Certificate Revocation Lists (CRLs) are a way for Certificate Authorities to announce to their relying parties (e.g., users validating the certificates) that a Certificate they issued should no longer be trusted. E.g., was revoked.
[read more]Published 2017-02-23
Our deprecation plan for the SHA-1 algorithm in the public Web, first announced in 2015, is drawing to a close. Today a team of researchers from CWI Amsterdam and Google revealed the first practical collision for SHA-1, affirming the insecurity of the algorithm and reinforcing our judgment that... [read more]
Published 2016-09-30
Yesterday Let’s Encrypt reached a new milestone: the unique set of all fully-qualified domain names in the currently-unexpired certificates issued by Let’s Encrypt is now 10,022,446.
[read more]Published 2016-04-05
This is a quick status update from the Early Impacts of Let’s Encrypt post.
[read more]Published 2014-09-09
Because many of the devices in the IoT are headless and have limited ability to interact with their owners, there needs to be a way to authenticate them without passwords, and without the shortcomings of the existing 0000 and 1234 problems in the Bluetooth world.
[read more]Published 2014-07-30
The public authentication problem is one we have all learned to solve with intuition: How do I decide to trust a new person?
[read more]Published 2014-07-04
The Internet of Things is imagined to be a interconnection of sensors and physical devices of all kinds into the world’s information systems: a collection of machine-to-machine communication devices used to gather and distribute information about the world, contrasted with the human-machine interactions making up the bulk of today’s Internet.... [read more]
On a mission to solve communications security issues for the whole Internet. That, and drink coffee.
This work is licensed under a Creative Commons Attribution 4.0 International License.