Public Key Pinning Extension for HTTP
In 2011, Google added public key pinning to Chrome. They white-listed the certification authority public keys that could be used to secure Google domains.
RSA Key Generation Flaw Does Not Affect Entrust Certificates
The New York Times published an article by John Markoff a couple days ago, “Flaw Found in an Online Encryption Method.” Sadly, the article is behind the Times paywall. Irritatingly, it’s a very good article except for the headline, which is wrong. The flaw isn’t found in the encryption, but in some key generation. A [Read More...]