HTTP/2 aims to make the Web faster, simpler, and more robust, focusing on better performance and security. It might sound like some new experimental project, but all major browsers (and more than 30% of Alexa’s top 10 million web sites) already support the protocol. Chances » Continue Reading.
Search Results
An introduction to HTTP/2
SUMMARY: This article is a discussion on the changes brought by HTTP/2, along with their implications. Read on for an introduction to the protocol, and a brief discussion on how it improves Internet user experience. HTTP/2 is the latest revision of the HyperText Transfer » Continue Reading.
Tracking users with TLS session resumption
SSL/TLS is the best way to protect your online communications. However, new research has revealed a potential threat to your privacy – and it’s built into how TLS make your life easier (and your connection faster) through session resumption. In our new article we describe » Continue Reading.
Tracking users with TLS
Tracking users with TLS SUMMARY: Researchers have published a paper about a novel method to track HTTPS users using TLS session identifiers. Read on for more details on the technique and how to protect against it. Last week, security researchers from the University of Hamburg » Continue Reading.
TLS 1.3 is here
Online communications have been secured by SSL and it’s successor TLS since the mid-1990s. Until now, though, every successive version has had to make compromises for backwards compatibility – and bad actors have been only too willing to exploit vulnerabilities this could allow. Our new » Continue Reading.
TLS 1.3 is here to stay
TLS 1.3 is here to stay After five years of design and testing, the Internet Engineering Task Force (IETF) has published TLS 1.3 as a proposed standard document. TLS 1.3 offers significant improvements over both the performance and security of earlier TLS versions, and for » Continue Reading.
Browser security indicators
It’s what you see and don’t see SSL/TLS is most easily described as relating to “that little lock in your browser bar”. However, as we move into the 21st century, different browsers are choosing different methods to visualize trust and authentication. In our new article, » Continue Reading.
A look at browser UI security indicators
Introduction With the release of Chrome 68 in July 2018, Google’s browser now marks web pages loaded without HTTPS as “Not secure”. Changing security indicators might look like a simple UI decision at first glance, but it carries significant implications. Read on for a brief » Continue Reading.
Private PKI or Public PKI?
From the vast network-of-networks that is the internet itself down to local corporate intranets, secure communications depend on having a properly-implemented public key infrastructure (PKI) to protect data in transit. However, not all PKIs are the same. A public PKI is built to face the » Continue Reading.
Private vs Public PKI: Building an Effective Plan
Organizations trying to come up with a Public Key Infrastructure (PKI) [01] plan are often confronted with the choice between public and private PKI. In an attempt to help with this decision, this article will talk about the pros and cons of both PKI solutions, » Continue Reading.