The Coronavirus can't be stopped and the implications are quite clear: the next 3-6 months will see large numbers of people off work, and we can already see a huge increase in remote working—which depends entirely on the IT infrastructure working. As a recent Let's Encrypt incident showed, HTTPS represents the ultimate risk to remote working.
Secure by design has been touted by governments as the way to solve the threat from insecure IoT devices. Here is a thought - it will never work because the focus is wrong.
While KEYCHEST as a brand started as a straightforward expiry management service for Let's Encrypt, it has become a service with a rich set of features and there is still several technologies that wait for production deployment.
A friend tagged me yesterday on LinkedIn with an update that Microsoft Teams - a team communication service, something like Slack - had gone down due to an expired certificate. How can this even happen?
I started playing with HashiCorp Vault about 2 years ago and I really struggled to start with. I didn't expect the simplicity. Here are some of my notes that may help you touch the ground running.
You may well know that Let's Encrypt is a not-for-profit organization that provides SSL certificates for free. You may also know there is a huge number of "clients" - small software packages that you need to install on your server to start using Let's Encrypt. There is relatively little information about how it actually works.
Do you remember ROCA attack - the most devastating attack in 2017 that extracted secret keys from 25% of TPM module? It has a kind of a sibling - Minerva. While ROCA was about the RSA encryption, MINERVA is about Elliptic Curve (ECC) signing.
KeyChest's business model is based on the management of HTTPS expiry. Automation of certificate issuance is for us an additional service that moves it closer to a complete service to manage your internal and external certificates. What it means in practical terms is that we simply pass on our cost of certificates to all paying users of KeyChest.
KeyChest has started as an easy to use HTTPS monitoring service. What we are aiming for is a general purpose key management service, which can look after your public as well as internal web encryption keys.