The Coronavirus can't be stopped and the implications are quite clear: the next 3-6 months will see large numbers of people off work, and we can already see a huge increase in remote working—which depends entirely on the IT infrastructure working. As a recent Let's Encrypt incident showed, HTTPS represents the ultimate risk to remote working.
How to Keep Covid-19 From Killing Remote Access
Mar 13, 2020 8:24:00 AM / by Dan posted in certificate, https, key management
Secure By Design Will Not Work - The economics, stupid
Feb 9, 2020 1:12:04 PM / by Dan posted in certificate, identity, key management
Secure by design has been touted by governments as the way to solve the threat from insecure IoT devices. Here is a thought - it will never work because the focus is wrong.
KEYCHEST - Confidence In Your Online Business
Feb 6, 2020 10:36:21 AM / by Dan posted in https, keychest, key management
While KEYCHEST as a brand started as a straightforward expiry management service for Let's Encrypt, it has become a service with a rich set of features and there is still several technologies that wait for production deployment.
Microsoft Teams - It's Not Just One Certificate
Feb 4, 2020 3:14:47 PM / by Dan posted in certificate, https, key management
A friend tagged me yesterday on LinkedIn with an update that Microsoft Teams - a team communication service, something like Slack - had gone down due to an expired certificate. How can this even happen?
HashiCorp Vault and PKI
Jan 28, 2020 2:57:45 PM / by Dan posted in certificate, key management
I started playing with HashiCorp Vault about 2 years ago and I really struggled to start with. I didn't expect the simplicity. Here are some of my notes that may help you touch the ground running.
How Let's Encrypt Works
Jan 24, 2020 8:33:05 AM / by Dan posted in letsencrypt, key management
You may well know that Let's Encrypt is a not-for-profit organization that provides SSL certificates for free. You may also know there is a huge number of "clients" - small software packages that you need to install on your server to start using Let's Encrypt. There is relatively little information about how it actually works.
Minerva Attack and Humble Beginnings
Nov 22, 2019 8:03:53 AM / by Dan posted in key management, attack
Do you remember ROCA attack - the most devastating attack in 2017 that extracted secret keys from 25% of TPM module? It has a kind of a sibling - Minerva. While ROCA was about the RSA encryption, MINERVA is about Elliptic Curve (ECC) signing.
Automating HTTPS Issuance in KeyChest
Nov 21, 2019 10:10:44 AM / by Dan posted in certificate, keychest, key management
KeyChest's business model is based on the management of HTTPS expiry. Automation of certificate issuance is for us an additional service that moves it closer to a complete service to manage your internal and external certificates. What it means in practical terms is that we simply pass on our cost of certificates to all paying users of KeyChest.
KeyChest – Unifying Public and Private Keys
Jun 24, 2019 11:03:03 AM / by Dan posted in https, keychest, key management
KeyChest has started as an easy to use HTTPS monitoring service. What we are aiming for is a general purpose key management service, which can look after your public as well as internal web encryption keys.
What Is Encryption Domain
Jun 14, 2019 1:54:52 PM / by Dan posted in key management, quora
Encryption domain is simply a set of computers or other computing devices (or even people :) ) who share encryption key(s) allowing them to trust each other.