Tag Archives: PKI

S/MIME Re-trial

8 Nov

In the blog S/MIME on Trial in 2013, I outlined some challenges using S/MIME to send secure email.

I also posed the question, was I confident the issues would be solved in a 3-5 year timeframe?

Well, here we are 3 years later, let’s take a look.

What can you learn from a Padlock?

22 Jun

In the address bar of THIS blog, you should see a little padlock…

Is that Web Site Secure?

7 Jun

To see if a web site is secure, we have been trained to look for the padlock in the browser. Sadly, not all padlocks are the same

Considerations when Managing IoT Device Keys

15 Mar

As we rapidly advance to the new world of the Internet of Things, security is slowly but surely starting to be talked about. Managing keys is an important part of this discussion.


Smart Card Management – Choose your process carefully

7 Jul

Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and place them on cards without managing the card lifecycle. Part of the sales pitch was that if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.

Heartbleed – Can CRLs cope?

14 Apr

It has been shown that Heartbleed can be used to leak SSL private keys (if the attackers are lucky). So now many experts are recommending that you revoke and re-issue SSL certificates for your web server. Can the certificate revocation mechanism cope?

Trustworthy Communications

25 Mar

Each day we become more reliant on the Internet in both our personal and business lives, yet each day there are new stories of security failures. A key part of living and working on the Internet is the ability to communicate securely, whether inter-personal communication, such as email or chat, or client / server communication to access a web site.

This blog looks at how and why secure communications fail, and what we can do about it.


S/MIME on Trial

17 Oct

For the last 3 months I have, by default, digitally signed my email. Well that was the plan…


CRLs are a critical part of security infrastructure – oh dear!

3 Sep

In the article “why has encrypted email not taken off” I looked at some of the barriers to the widespread adoption of secure email. Certificate revocation was one factor discussed.


This Post Does Not Ask About Cookies

12 Feb

Whenever I visit a web site these days I get asked about cookies.
A quick survey around a family dinner table at Christmas revealed only 2 out of 10 people knew what the question was really asking (and we both work in the industry).
