home.social

#webpki — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #webpki, aggregated by home.social.

  1. ⚠️ 𝗟𝗲𝘁'𝘀 𝗘𝗻𝗰𝗿𝘆𝗽𝘁: 𝗦𝘁𝗼𝗽𝗽𝗶𝗻𝗴 𝗜𝘀𝘀𝘂𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝗣𝗼𝘁𝗲𝗻𝘁𝗶𝗮𝗹 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁

    "We have been made aware of a potential incident and are shutting down all issuance."

    May 8, 2026 18:37 UTC

    letsencrypt.status.io/pages/in

    #letsencrypt #tls #webpki #pki #browsers #security #privacy #selfhosting #cybersecurity #ITInfrastructure

  2. ⚠️ 𝗟𝗲𝘁'𝘀 𝗘𝗻𝗰𝗿𝘆𝗽𝘁: 𝗦𝘁𝗼𝗽𝗽𝗶𝗻𝗴 𝗜𝘀𝘀𝘂𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝗣𝗼𝘁𝗲𝗻𝘁𝗶𝗮𝗹 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁

    "We have been made aware of a potential incident and are shutting down all issuance."

    May 8, 2026 18:37 UTC

    letsencrypt.status.io/pages/in

    #letsencrypt #tls #webpki #pki #browsers #security #privacy #selfhosting #cybersecurity #ITInfrastructure

  3. ⚠️ 𝗟𝗲𝘁'𝘀 𝗘𝗻𝗰𝗿𝘆𝗽𝘁: 𝗦𝘁𝗼𝗽𝗽𝗶𝗻𝗴 𝗜𝘀𝘀𝘂𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝗣𝗼𝘁𝗲𝗻𝘁𝗶𝗮𝗹 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁

    "We have been made aware of a potential incident and are shutting down all issuance."

    May 8, 2026 18:37 UTC

    letsencrypt.status.io/pages/in

    #letsencrypt #tls #webpki #pki #browsers #security #privacy #selfhosting #cybersecurity #ITInfrastructure

  4. ⚠️ 𝗟𝗲𝘁'𝘀 𝗘𝗻𝗰𝗿𝘆𝗽𝘁: 𝗦𝘁𝗼𝗽𝗽𝗶𝗻𝗴 𝗜𝘀𝘀𝘂𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝗣𝗼𝘁𝗲𝗻𝘁𝗶𝗮𝗹 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁

    "We have been made aware of a potential incident and are shutting down all issuance."

    May 8, 2026 18:37 UTC

    letsencrypt.status.io/pages/in

    #letsencrypt #tls #webpki #pki #browsers #security #privacy #selfhosting #cybersecurity #ITInfrastructure

  5. ⚠️ 𝗟𝗲𝘁'𝘀 𝗘𝗻𝗰𝗿𝘆𝗽𝘁: 𝗦𝘁𝗼𝗽𝗽𝗶𝗻𝗴 𝗜𝘀𝘀𝘂𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝗣𝗼𝘁𝗲𝗻𝘁𝗶𝗮𝗹 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁

    "We have been made aware of a potential incident and are shutting down all issuance."

    May 8, 2026 18:37 UTC

    letsencrypt.status.io/pages/in

  6. 🔐 Wanna read about #WebPKI to feel smart? Well, this site boasts about #HTTPS while rocking an expired cert. 🤦‍♂️ It's like a security guard locked outside his own building, yelling about safety! 🚫🔒
    blog.brycekerley.net/2026/03/0 #SecurityExpired #CertFail #SafeGuard #HackerNews #ngated

  7. 🔐 Wanna read about #WebPKI to feel smart? Well, this site boasts about #HTTPS while rocking an expired cert. 🤦‍♂️ It's like a security guard locked outside his own building, yelling about safety! 🚫🔒
    blog.brycekerley.net/2026/03/0 #SecurityExpired #CertFail #SafeGuard #HackerNews #ngated

  8. 🔐 Wanna read about #WebPKI to feel smart? Well, this site boasts about #HTTPS while rocking an expired cert. 🤦‍♂️ It's like a security guard locked outside his own building, yelling about safety! 🚫🔒
    blog.brycekerley.net/2026/03/0 #SecurityExpired #CertFail #SafeGuard #HackerNews #ngated

  9. 🔐 Wanna read about #WebPKI to feel smart? Well, this site boasts about #HTTPS while rocking an expired cert. 🤦‍♂️ It's like a security guard locked outside his own building, yelling about safety! 🚫🔒
    blog.brycekerley.net/2026/03/0 #SecurityExpired #CertFail #SafeGuard #HackerNews #ngated

  10. March 15 is last call on 398-day certificates. After that, 200-day max, 100 in 2027, 47 in 2029.

    Renew now and you buy yourself time to automate on your terms. Wait, and the CA/B Forum sets your schedule for you.

    certkit.io/blog/last-call-on-3 #PKI #WebPKI

  11. March 15 is last call on 398-day certificates. After that, 200-day max, 100 in 2027, 47 in 2029.

    Renew now and you buy yourself time to automate on your terms. Wait, and the CA/B Forum sets your schedule for you.

    certkit.io/blog/last-call-on-3 #PKI #WebPKI

  12. CertKit Agent 1.6: RRAS support, deploy windows, and agent locking.

    Shorter lifetimes mean certificate automation has to act like real deployments: issue, deploy, verify. Deploy windows keep disruptions inside maintenance windows, and agent locking freezes commands so UI changes can’t be weaponized.

    certkit.io/blog/agent-1.6

    #CertificateAutomation #WebPKI

  13. CertKit Agent 1.6: RRAS support, deploy windows, and agent locking.

    Shorter lifetimes mean certificate automation has to act like real deployments: issue, deploy, verify. Deploy windows keep disruptions inside maintenance windows, and agent locking freezes commands so UI changes can’t be weaponized.

    certkit.io/blog/agent-1.6

    #CertificateAutomation #WebPKI

  14. Is today a #FediHire Friday? Sure looks like it!

    What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large enterprise. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively. Interested in relocating outside of the US.

    My main focus the last few years has been rebuilding and modernizing a struggling certificate environment. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack to a certificates-as-a-service vendor, getting a handle on our web PKI consumption, and making massive improvements to our certificate life-cycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My understanding of deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.

    This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've developed training and teaching material for junior and mid-level engineers featuring practical PKI concepts and our specific enterprise requirements. I've worked closely with fellow principal engineers and architects to design secure, resilient services. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.

    While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.

    My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture/civil engineering firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.

    In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can shine, and volunteering at local repair clinic events to help my neighbors with technology that isn't meeting their expectations.

    Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.

    PMs open if you want to talk details. Boosts/retoots appreciated.

    #Job #GetFediHired #FediHired #ITJobs #Windows #ActiveDirectory #Certificate #MSCA #MicrosoftCertificateAuthority #ADCS #PKI #WebPKI #Azure #Migration #CyberSecurity #InfoSecurity #RemoteWork

  15. Is today a #FediHire Friday? Sure looks like it!

    What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large enterprise. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively. Interested in relocating outside of the US.

    My main focus the last few years has been rebuilding and modernizing a struggling certificate environment. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack to a certificates-as-a-service vendor, getting a handle on our web PKI consumption, and making massive improvements to our certificate life-cycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My understanding of deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.

    This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've developed training and teaching material for junior and mid-level engineers featuring practical PKI concepts and our specific enterprise requirements. I've worked closely with fellow principal engineers and architects to design secure, resilient services. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.

    While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.

    My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture/civil engineering firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.

    In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can shine, and volunteering at local repair clinic events to help my neighbors with technology that isn't meeting their expectations.

    Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.

    PMs open if you want to talk details. Boosts/retoots appreciated.

    #Job #GetFediHired #FediHired #ITJobs #Windows #ActiveDirectory #Certificate #MSCA #MicrosoftCertificateAuthority #ADCS #PKI #WebPKI #Azure #Migration #CyberSecurity #InfoSecurity #RemoteWork

  16. Is today a #FediHire Friday? Sure looks like it!

    What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large enterprise. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively. Interested in relocating outside of the US.

    My main focus the last few years has been rebuilding and modernizing a struggling certificate environment. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack to a certificates-as-a-service vendor, getting a handle on our web PKI consumption, and making massive improvements to our certificate life-cycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My understanding of deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.

    This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've developed training and teaching material for junior and mid-level engineers featuring practical PKI concepts and our specific enterprise requirements. I've worked closely with fellow principal engineers and architects to design secure, resilient services. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.

    While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.

    My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture/civil engineering firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.

    In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can shine, and volunteering at local repair clinic events to help my neighbors with technology that isn't meeting their expectations.

    Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.

    PMs open if you want to talk details. Boosts/retoots appreciated.

    #Job #GetFediHired #FediHired #ITJobs #Windows #ActiveDirectory #Certificate #MSCA #MicrosoftCertificateAuthority #ADCS #PKI #WebPKI #Azure #Migration #CyberSecurity #InfoSecurity #RemoteWork

  17. Is today a #FediHire Friday? Sure looks like it!

    What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large enterprise. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively. Interested in relocating outside of the US.

    My main focus the last few years has been rebuilding and modernizing a struggling certificate environment. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack to a certificates-as-a-service vendor, getting a handle on our web PKI consumption, and making massive improvements to our certificate life-cycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My understanding of deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.

    This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've developed training and teaching material for junior and mid-level engineers featuring practical PKI concepts and our specific enterprise requirements. I've worked closely with fellow principal engineers and architects to design secure, resilient services. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.

    While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.

    My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture/civil engineering firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.

    In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can shine, and volunteering at local repair clinic events to help my neighbors with technology that isn't meeting their expectations.

    Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.

    PMs open if you want to talk details. Boosts/retoots appreciated.

    #Job #GetFediHired #FediHired #ITJobs #Windows #ActiveDirectory #Certificate #MSCA #MicrosoftCertificateAuthority #ADCS #PKI #WebPKI #Azure #Migration #CyberSecurity #InfoSecurity #RemoteWork

  18. Is today a #FediHire Friday? Sure looks like it!

    What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large enterprise. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively. Interested in relocating outside of the US.

    My main focus the last few years has been rebuilding and modernizing a struggling certificate environment. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack to a certificates-as-a-service vendor, getting a handle on our web PKI consumption, and making massive improvements to our certificate life-cycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My understanding of deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.

    This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've developed training and teaching material for junior and mid-level engineers featuring practical PKI concepts and our specific enterprise requirements. I've worked closely with fellow principal engineers and architects to design secure, resilient services. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.

    While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.

    My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture/civil engineering firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.

    In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can shine, and volunteering at local repair clinic events to help my neighbors with technology that isn't meeting their expectations.

    Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.

    PMs open if you want to talk details. Boosts/retoots appreciated.

    #Job #GetFediHired #FediHired #ITJobs #Windows #ActiveDirectory #Certificate #MSCA #MicrosoftCertificateAuthority #ADCS #PKI #WebPKI #Azure #Migration #CyberSecurity #InfoSecurity #RemoteWork

  19. Gibt’s eigentlich schon sinnvolle kommerzielle oder freie issuer für clientAuth Zertifikate? #webpki #cabforum #tls

  20. Gibt’s eigentlich schon sinnvolle kommerzielle oder freie issuer für clientAuth Zertifikate? #webpki #cabforum #tls

  21. Gibt’s eigentlich schon sinnvolle kommerzielle oder freie issuer für clientAuth Zertifikate? #webpki #cabforum #tls

  22. Gibt’s eigentlich schon sinnvolle kommerzielle oder freie issuer für clientAuth Zertifikate? #webpki #cabforum #tls

  23. #Heise:
    "
    "Passwort" Folge 40: Probleme mit Widerrufen, Verbindungsabbrüchen und anderem

    Eine pickepackevolle Folge, gefüllt unter anderem mit kundigem Exploitbau unter Linux, einem HTTP2-DoS und millionenfachen Zertifikatsrückrufen von Microsoft.
    "
    heise.de/news/Passwort-Folge-4

    mp3: audio.podigee-cdn.net/2098722-

    10.9.2025

    Aaaa.. MS..

    #CA #CertificateTransparency #Chrome #LetsEncrypt #Microsoft #MS #PKI #TLSZertifikat #WebPKI #Zertifikat

  24. #Heise:
    "
    "Passwort" Folge 40: Probleme mit Widerrufen, Verbindungsabbrüchen und anderem

    Eine pickepackevolle Folge, gefüllt unter anderem mit kundigem Exploitbau unter Linux, einem HTTP2-DoS und millionenfachen Zertifikatsrückrufen von Microsoft.
    "
    heise.de/news/Passwort-Folge-4

    mp3: audio.podigee-cdn.net/2098722-

    10.9.2025

    Aaaa.. MS..

    #CA #CertificateTransparency #Chrome #LetsEncrypt #Microsoft #MS #PKI #TLSZertifikat #WebPKI #Zertifikat

  25. #Heise:
    "
    "Passwort" Folge 40: Probleme mit Widerrufen, Verbindungsabbrüchen und anderem

    Eine pickepackevolle Folge, gefüllt unter anderem mit kundigem Exploitbau unter Linux, einem HTTP2-DoS und millionenfachen Zertifikatsrückrufen von Microsoft.
    "
    heise.de/news/Passwort-Folge-4

    mp3: audio.podigee-cdn.net/2098722-

    10.9.2025

    Aaaa.. MS..

    #CA #CertificateTransparency #Chrome #LetsEncrypt #Microsoft #MS #PKI #TLSZertifikat #WebPKI #Zertifikat

  26. #Heise:
    "
    "Passwort" Folge 40: Probleme mit Widerrufen, Verbindungsabbrüchen und anderem

    Eine pickepackevolle Folge, gefüllt unter anderem mit kundigem Exploitbau unter Linux, einem HTTP2-DoS und millionenfachen Zertifikatsrückrufen von Microsoft.
    "
    heise.de/news/Passwort-Folge-4

    mp3: audio.podigee-cdn.net/2098722-

    10.9.2025

    Aaaa.. MS..

    #CA #CertificateTransparency #Chrome #LetsEncrypt #Microsoft #MS #PKI #TLSZertifikat #WebPKI #Zertifikat

  27. #Heise:
    "
    "Passwort" Folge 40: Probleme mit Widerrufen, Verbindungsabbrüchen und anderem

    Eine pickepackevolle Folge, gefüllt unter anderem mit kundigem Exploitbau unter Linux, einem HTTP2-DoS und millionenfachen Zertifikatsrückrufen von Microsoft.
    "
    heise.de/news/Passwort-Folge-4

    mp3: audio.podigee-cdn.net/2098722-

    10.9.2025

    Aaaa.. MS..

    #CA #CertificateTransparency #Chrome #LetsEncrypt #Microsoft #MS #PKI #TLSZertifikat #WebPKI #Zertifikat

  28. For anyone who is panicking over certificate misissuance for #cloudflare 1.1.1.1: such "incidents" happen on a regular basis. For example #letsencrypt once had to revoke ~3M certs because their #CAA validation algorithm was faulty:

    community.letsencrypt.org/t/20

    Name a #CA and you're definitely going to find cases of misissuance. The problem is the #WebPKI governance that's more than often just a paper tiger that doesn't impose any sanctions on the heavy weights.

  29. For anyone who is panicking over certificate misissuance for #cloudflare 1.1.1.1: such "incidents" happen on a regular basis. For example #letsencrypt once had to revoke ~3M certs because their #CAA validation algorithm was faulty:

    community.letsencrypt.org/t/20

    Name a #CA and you're definitely going to find cases of misissuance. The problem is the #WebPKI governance that's more than often just a paper tiger that doesn't impose any sanctions on the heavy weights.

  30. #QWAC might be awful but that doesn't make existing trust stores in the #WebPKI better: the decisions are basically made by going though a checklist and having some random people approve your application.

  31. #QWAC might be awful but that doesn't make existing trust stores in the #WebPKI better: the decisions are basically made by going though a checklist and having some random people approve your application.

  32. #QWAC might be awful but that doesn't make existing trust stores in the #WebPKI better: the decisions are basically made by going though a checklist and having some random people approve your application.

  33. CRLite is a fascinating piece of technology by Mozilla to handle revocations on the WebPKI, in a privacy-friendly and bandwidth ~friendy approach: it uses a new compact data-structure called Clubcards (basically Ribbon filters (enhanced Bloom filters) with partitionning): hacks.mozilla.org/2025/08/crli

    #RustLang #WebPKI #revocation #CRLite #clubcard #Firefox

  34. CRLite is a fascinating piece of technology by Mozilla to handle revocations on the WebPKI, in a privacy-friendly and bandwidth ~friendy approach: it uses a new compact data-structure called Clubcards (basically Ribbon filters (enhanced Bloom filters) with partitionning): hacks.mozilla.org/2025/08/crli

    #RustLang #WebPKI #revocation #CRLite #clubcard #Firefox

  35. CRLite is a fascinating piece of technology by Mozilla to handle revocations on the WebPKI, in a privacy-friendly and bandwidth ~friendy approach: it uses a new compact data-structure called Clubcards (basically Ribbon filters (enhanced Bloom filters) with partitionning): hacks.mozilla.org/2025/08/crli

    #RustLang #WebPKI #revocation #CRLite #clubcard #Firefox

  36. CRLite is a fascinating piece of technology by Mozilla to handle revocations on the WebPKI, in a privacy-friendly and bandwidth ~friendy approach: it uses a new compact data-structure called Clubcards (basically Ribbon filters (enhanced Bloom filters) with partitionning): hacks.mozilla.org/2025/08/crli

    #RustLang #WebPKI #revocation #CRLite #clubcard #Firefox

  37. CRLite is a fascinating piece of technology by Mozilla to handle revocations on the WebPKI, in a privacy-friendly and bandwidth ~friendy approach: it uses a new compact data-structure called Clubcards (basically Ribbon filters (enhanced Bloom filters) with partitionning): hacks.mozilla.org/2025/08/crli

    #RustLang #WebPKI #revocation #CRLite #clubcard #Firefox

  38. Within the #WebPKI, the "common name" is widely irrelevant afaik:

    infosec.exchange/@pft/11474541

    So the question is: what are the circumstances that can pose a security risk if IP addresses are included in the CN field.

  39. Within the #WebPKI, the "common name" is widely irrelevant afaik:

    infosec.exchange/@pft/11474541

    So the question is: what are the circumstances that can pose a security risk if IP addresses are included in the CN field.