A small note on certificate-authority trust
A specific incident involving a misissued certificate has clarified how fragile the CA trust model actually is in practice.
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Following the TLS audit work, I have spent a few evenings reading the mod_ssl source to understand how the Apache SSL/TLS layer actually works. The implementation has some specific weaknesses worth knowing about.
I have spent the past month auditing the TLS deployments of half a dozen small operators. The findings are largely consistent and reveal where the operational gaps live.
Three years after I first wrote about HTTPS, the deployment is finally reaching critical mass. A walk through what is changing, what is not, and what defenders should know about the current state.
I want HTTPS for my own services without the cost or hassle of a commercial CA. Setting up a personal CA with OpenSSL is half a day's work and produces something genuinely useful for years.