  • HSTS RFC Finalized

    HTTP Strict Transport Security (HSTS) has been finalized and published as RFC 6797. The purpose of HSTS is to allow a website to declare to complying user agents that they should interact with it using a secure connection such as HTTPS. In order to implement HSTS, a website must have a statement in its header, such as: Header always set Strict-Transport-Security

        in Secure Browsing, SSL, SSL Deployment
  • HTTPS Everywhere 3.0

    The Electronic Frontier Foundation (EFF) has released HTTPS Everywhere 3.0.

        in Secure Browsing, SSL
  • Stopping CRIME Attacks

    This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression is used in SPDY, which

        in Secure Browsing, SSL