It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a look over our progress on securing the web over the last 6 months. Previous Crawls It's hard to believe there are now 5 previous…
Tag: HTTPS
Total 38 Posts
In the early days of the encrypted web you could get certificates valid for any period of time. Long gone are those days and as more time goes by we realise just how much we need to be doing a lot more to greatly reduce the maximum validity period on…
Migrating your site to HTTPS can be hard, really hard. There are countless different ways to perform your migration and various tools and techniques that can help you smooth out the transition. This is a high-level deployment plan that should help you to consider all of the aspects that you…
There, I said it! It might sound like a weird thing to stay but stick with me on this one. We really do need more phishing sites on HTTPS, all of them, encrypt all the things, and not for the reason you might think. The web is going HTTPS There's…
Right now the entire Internet is taking a journey and our destination is a world where the only connection used to load a site is a secure one. We've come a long way, yes, but we still have a long way to go. The beginning In the beginning the Internet…
I recently wrote about how I'm giving up on HPKP and as part of that blog post I suggested I may change the grading criteria on securityheaders.io. After listening to all of the feedback I received as a result of that post, I'm now announcing some changes to the…
It's time for the 5th instalment of my Alexa Top 1 Million scan and this time around there's another new metric in the data. Previous Crawls I've done 4 previous crawls before now and they were Aug 2015, Feb 2016, Aug 2016 and Feb 2017. I'm also publishing my daily…
CAA is a new mechanism that will allow site owners to specify which Certificate Authorities are authorised to issue certificates for their domain name. It's a simple DNS record so setup is a breeze and SSL Labs is now checking for it, so it's time to do it! Why we…
I don't think anyone can disagree with the tremendous amount of progress that has been made in deploying web encryption over the last year or so and Let's Encrypt have played a monumental part in that. Recently though I've seen some negative comments about the CA and some concerns over…
ChaCha20-Poly1305 is the combination of a new cipher, ChaCha20, and a new MAC, Poly1305, to give us a new AEAD cipher suite. AEADs will be the only option that will be available going forwards in TLSv1.3 so alongside AES-GCM, ChaCha20-Poly1305 will be our only other choice. There are also…
