Tag Archives: CRLs

Heartbleed – Can CRLs cope?

14 Apr

It has been shown that Heartbleed can be used to leak SSL private keys (if the attackers are lucky). So now many experts are recommending that you revoke and re-issue SSL certificates for your web server. Can the certificate revocation mechanism cope?
Continue reading

CRLs are a critical part of security infrastructure – oh dear!

3 Sep

In the article “why has encrypted email not taken off” I looked at some of the barriers to the widespread adoption of secure email. Certificate revocation was one factor discussed.

Continue reading

This Post Does Not Ask About Cookies

12 Feb

Whenever I visit a web site these days I get asked about cookies.
A quick survey around a family dinner table at Christmas revealed only 2 out of 10 people knew what the question was really asking (and we both work in the industry).

Continue reading