It has been shown that Heartbleed can be used to leak SSL private keys (if the attackers are lucky). So now many experts are recommending that you revoke and re-issue SSL certificates for your web server. Can the certificate revocation mechanism cope?
Continue reading “Heartbleed – Can CRLs cope?”
Tag: CRLs
CRLs are a critical part of security infrastructure – oh dear!
In the article “why has encrypted email not taken off” I looked at some of the barriers to the widespread adoption of secure email. Certificate revocation was one factor discussed.
This Post Does Not Ask About Cookies
Whenever I visit a web site these days I get asked about cookies.
A quick survey around a family dinner table at Christmas revealed only 2 out of 10 people knew what the question was really asking (and we both work in the industry).