|
Robert Duncan
@robertduncan
Bath, Somerset
|
|
Web securitist, interested in SSL/TLS. Tweets are my own.
|
|
|
1,641
Tweets
|
756
Following
|
421
Followers
|
| Tweets |
| Robert Duncan retweeted | ||
|
Subodh Iyengar
@__subodh
|
Nov 1 |
|
Our team has been working on improving certificate security with @Cloudflare @mozilla
Delegated credentials is a new feature in TLS that helps separate keys in a more secure way engineering.fb.com/security/deleg…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Intent To Ship
@intenttoship
|
Sep 12 |
|
Gecko: Intent to unship: TLS 1.0 and TLS 1.1 groups.google.com/d/msg/mozilla.…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
martin_casado
@martin_casado
|
Sep 11 |
|
Youch ... Chrome OS built-in security key has a very serious vulnerability ...
"attackers that have a single pair of signature and signed data can effectively compute the private key"
sites.google.com/a/chromium.org…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Netcraft
@Netcraft
|
Aug 29 |
|
Uniqlo and The Guardian among thousands of sites loading malicious code from S3 news.netcraft.com/archives/2019/… pic.twitter.com/Fd0Sgfg8Vv
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Filippo Valsorda
@FiloSottile
|
Aug 29 |
|
I just killed 500 lines of crypto/tls code. 🎉💥🔥
In Go 1.14, no more SSLv3. No ifdef, no option. It's deleted.
golang.org/cl/191976 pic.twitter.com/7LNTQhMuQS
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Adam Langley
@agl__
|
Aug 21 |
|
On the Kazakhstan MITM: security.googleblog.com/2019/08/protec… blog.mozilla.org/blog/2019/08/2…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Scott Helme
@Scott_Helme
|
Aug 10 |
|
It’s official, Chrome is moving the EV indicator in Chrome 77: groups.google.com/a/chromium.org…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Tom Ritter
@TomRittervg
|
Jul 9 |
|
DarkMatter is getting distrusted from Firefox. groups.google.com/d/msg/mozilla.… Huge thanks to the team - especially @wthayer - for running a process everyone could participate in and make their voices known.
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Ryan Hurst
@rmhrisk
|
Jul 9 |
|
Clearlake Capital Group and TA Associates to Make a Strategic Growth Investment in @DigiCert - digicert.com/news/clearlake… #webpki #tls
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Ryan Sleevi
@sleevi_
|
Jun 22 |
|
aws.amazon.com/blogs/security…
This is really cool, and great work from Amazon. The biggest challenges with rolling your own PKI are key protection, availability, and compatibility. AWS seems to be knocking it out of the park for all three. Almost all the way to replacing on-prem ADCS.
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Bailey Basile
@BasileBailey
|
Jun 12 |
|
Yes. System-trusted certs have to abide by the CABF BR requirements. The validity period restriction for all others goes into effect for certs with a notBefore date of 1 July 2019 or later.
support.apple.com/en-us/HT210176
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Ryan Sleevi
@sleevi_
|
Jun 12 |
|
Yeah! We’re going to be submitting a draft ballot for 1y shortly, for notBefore 2020/03 and later.
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Bailey Basile
@BasileBailey
|
Jun 4 |
|
New certificate requirements in iOS 13 and macOS Catalina: removing trust in weak algorithms, requiring server auth EKUs, enforcing maximum lifespans, and requiring SubjectAltNames.
support.apple.com/en-us/HT210176
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Andrew R. Whalley
@arw
|
May 21 |
|
Here's an update on what @googlechrome security's been up to recently (including some new things we've open sourced!) groups.google.com/a/chromium.org…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Scott Helme
@Scott_Helme
|
May 21 |
|
It seems that @letsencrypt have had to push back the plans to switch to their ISRG root by 12 months due to root propagation concerns on Android devices: letsencrypt.org/2019/04/15/tra…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Scott Helme
@Scott_Helme
|
May 20 |
|
Seems like Microsoft added "gov[.]uk" with "include_subdomains" to the HSTS preload list? bleepingcomputer.com/news/microsoft…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Ryan Hurst
@rmhrisk
|
May 17 |
|
"In conclusion, I recommend the following: Remove the Certinomis - Root CA from the Mozilla root store in an upcoming NSS release." groups.google.com/forum/?pli=1#!…
|
||
|
|
||
|
Robert Duncan
@robertduncan
|
May 16 |
|
"The TLS fingerprints that Akamai observed before Cipher Stunting was observed could be counted in the tens of thousands. Soon after the initial observation, that count ballooned to millions, and then recently jumped to billions."
blogs.akamai.com/sitr/2019/05/b…
|
||
|
|
||
| Robert Duncan retweeted | ||
|
Let's Encrypt
@letsencrypt
|
May 15 |
|
We are happy to launch Oak, a CT Log today! Certificate Transparency greatly enhances Web security by providing the opportunity to monitor and study certificate issuance. Thanks to @SectigoHQ for providing funding to make this happen! Read more: letsencrypt.org/2019/05/15/int…
|
||
|
|
||