PKI is a technology that has stood the test of time, but it is let down by high running costs and poor implementation.
Continue reading “PKI – is there a better way?”
In the blog S/MIME on Trial in 2013, I outlined some challenges using S/MIME to send secure email.
I also posed the question, was I confident the issues would be solved in a 3-5 year timeframe?
Well, here we are 3 years later, let’s take a look.
Continue reading “S/MIME Re-trial”
In the address bar of THIS blog, you should see a little padlock…
Continue reading “What can you learn from a Padlock?”
To see if a web site is secure, we have been trained to look for the padlock in the browser. Sadly, not all padlocks are the same…
Continue reading “Is that Web Site Secure?”
As we rapidly advance to the new world of the Internet of Things, security is slowly but surely starting to be talked about. Managing keys is an important part of this discussion.
Continue reading “Considerations when Managing IoT Device Keys”
Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and place them on cards without managing the card lifecycle. A part of the sales pitch was that if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.
Continue reading “Smart Card Management – Choose your process carefully”
It has been shown that Heartbleed can be used to leak SSL private keys (if the attackers are lucky). So now many experts are recommending that you revoke and re-issue SSL certificates for your web server. Can the certificate revocation mechanism cope?
Continue reading “Heartbleed – Can CRLs cope?”
Each day we become more reliant on the Internet in both our personal and business lives, yet each day there are new stories of security failures. A key part of living and working on the Internet is the ability to communicate securely, whether through inter-personal communication, such as email or chat, or client / server communication to access a web site.
This blog looks at how and why secure communications fail, and what we can do about it.
Continue reading “Trustworthy Communications”
For the last 3 months I have, by default, digitally signed my email. Well that was the plan…
Continue reading “S/MIME on Trial”
In the article “why has encrypted email not taken off” I looked at some of the barriers to the widespread adoption of secure email. Certificate revocation was one factor discussed.
Continue reading “CRLs are a critical part of security infrastructure – oh dear!”