Heartbleed – Can CRLs cope?

It has been shown that Heartbleed can be used to leak SSL private keys (if the attackers are lucky). So now many experts are recommending that you revoke and re-issue SSL certificates for your web server. Can the certificate revocation mechanism cope?
Continue reading “Heartbleed – Can CRLs cope?”

CRLs are a critical part of security infrastructure – oh dear!

In the article “why has encrypted email not taken off” I looked at some of the barriers to the widespread adoption of secure email. Certificate revocation was one factor discussed.

Continue reading “CRLs are a critical part of security infrastructure – oh dear!”