Scott Helme

Free Post

apple

Certificate lifetime capped to 1 year from Sep 2020

It's finally happening! We've had 2 failed attempts through the CA/B Forum and now Apple has decided to enforce a maximum lifetime of 398 days...

Free Post

MTA-STS

Improving email security with MTA-STS

There has been a huge focus on encryption on the web recently, with lots of that centred around HTTP with things like HTTPS and HSTS. Now we're taking...

Free Post

legacy tls

Legacy TLS is on the way out: Start deprecating TLSv1.0 and TLSv1.1 now

With TLS having taken some great steps forwards in recent years, with TLSv1.2 in 2008 and TLSv1.3 in 2018, it's time to start dropping support for...

Free Post

HPKP

HPKP is no more!

It's been an interesting ride over the last few years but HPKP, or HTTP Public Key Pinning, is finally coming to the end of its tenure. With support...

Free Post

tls

Big HTTPS changes coming in Chrome

Chrome has certainly been one of the main contributors towards the recent push to HTTPS online and without their contribution, I do find myself wondering how much progress would have...

Free Post

crawl

Top 1 Million Analysis - September 2019

Yes, it's that time of year again and the last 6+ months have flown by. Time for a look at the state of security in the Top 1...

Free Post

CSP

CSP nonces the easy way with Cloudflare Workers

Everybody knows I'm a rather large fan of CSP and an even bigger fan of CSP reporting, but CSP can be hard. Part of my personal mission has...

Free Post

EV

Extended Validation not so... extended? How I revoked $1,000,000 worth of EV certificates!

Personal like or dislike of EV aside for a moment, we can all agree on what the name of EV certs implies. Organisations get their company details in the certificate...

Free Post

Certificate Authorities

Ballot SC22: Reduce Certificate Lifetimes

We've made some great progress in the TLS and PKI ecosystem in recent years, driven largely by the actions of browser vendors. We could have just taken another...

Free Post

Certificate Transparency

Announcing CT Monitoring for Report URI!

I've spoken a lot about Certificate Transparency on my blog recently and how powerful it is for site operators to be able to keep track of certificates issued...