Farewell to HPKP, hello to DNS-01 and ECDSA

Farewell to HPKP, hello to DNS-01 and ECDSA

A few months back I switched on HTTP public key pinning, a security scheme designed to make it more difficult for attackers to do nefarious things with the BigDino web server. HPKP is difficult to implement and comes with a long list of configuration pitfalls—and, as of today, I'm done with it.…

Read more »

Grieving over the death of StartSSL

Grieving over the death of StartSSL

What was once the web's best source for free SSL certificates is dead, killed by shitty unethical behavior by a shitty company called WoSign. So thanks, WoSign—thanks for wrecking StartCom and StartSSL. You destroyed something wonderful and useful to millions of people. Hope it was worth it, dicks.…

Read more »