On a mission to solve communications security issues for the whole Internet. That, and drink coffee. Zola 2025-12-03T00:00:00+00:00 https://insufficient.coffee/tag/pki/atom.xml 2025-12-03T00:00:00+00:00 2025-12-03T00:00:00+00:00 Unknown https://insufficient.coffee/2025/12/03/reflecting-on-lets-encrypt/

<p>My friend Christophe Brocas has just <a rel="external" href="https://blog.brocas.org/2025/12/01/ACME-a-brief-history-of-one-of-the-protocols-which-has-changed-the-Internet-Security/">published a retrospective on the ten years since we unveiled the ACME protocol to the world</a>. He interviewed me and some colleagues for the piece, and I recommend it!

2017-08-18T00:00:00+00:00 2017-08-18T00:00:00+00:00 Unknown https://insufficient.coffee/the-state-of-crls/

<p>Certificate Revocation Lists (CRLs) are a way for Certificate Authorities to announce to their relying parties (e.g., users validating the certificates) that a Certificate they issued should no longer be trusted. E.g., was revoked.&hellip; </p>

2017-02-23T00:00:00+00:00 2017-02-23T00:00:00+00:00 Unknown https://insufficient.coffee/2017/02/23/the-end-of-sha-1-on-the-public-web/

<p>Our deprecation plan for the SHA-1 algorithm in the public Web, <a rel="external" href="https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/">first announced in 2015</a>, is drawing to a close. Today a team of researchers from CWI Amsterdam and Google revealed the <a rel="external" href="https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html">first practical collision for SHA-1</a>, affirming the insecurity of the algorithm and reinforcing our judgment that it must be retired from security use on the Web.

2016-09-30T00:00:00+00:00 2016-09-30T00:00:00+00:00 Unknown https://insufficient.coffee/lets-encrypts-growth-to-10m-fqdns/

<p>Yesterday Let's Encrypt reached a new milestone: the unique set of all fully-qualified domain names in the currently-unexpired certificates issued by Let's Encrypt is now <strong>10,022,446</strong>.&hellip; </p>

2016-04-05T00:00:00+00:00 2016-04-05T00:00:00+00:00 Unknown https://insufficient.coffee/124-days-of-lets-encrypt/

<p>This is a quick status update from the <a href="/early-impacts-of-letsencrypt/">Early Impacts of Let's Encrypt</a> post.&hellip; </p>

2014-09-09T00:00:00+00:00 2014-09-09T00:00:00+00:00 Unknown https://insufficient.coffee/simplifying-pki-iot/

<p>Because many of the devices in the IoT are headless and have limited ability to interact with their owners, there needs to be a way to authenticate them without passwords, and without the shortcomings of the existing <a rel="external" href="http://en.wikipedia.org/wiki/Bluetooth#Pairing_mechanisms">0000 and 1234 problems</a> in the Bluetooth world.

2014-07-30T00:00:00+00:00 2014-07-30T00:00:00+00:00 Unknown https://insufficient.coffee/public-authentication/

<p>The public authentication problem is one we have all learned to solve with intuition: <em>How do I decide to trust a new person?</em>&hellip; </p>

2014-07-04T00:00:00+00:00 2014-07-04T00:00:00+00:00 Unknown https://insufficient.coffee/well-known-peers-iot/

<p>The Internet of Things is imagined to be a interconnection of sensors and physical devices of all kinds into the world’s information systems: a collection of machine-to-machine communication devices used to gather and distribute information about the world, contrasted with the human-machine interactions making up the bulk of today’s Internet. The machine-to-machine model places new restrictions on the common practices for security, as the standard practice of user authentication becomes troublesome without the regular involvement of a user.</p>