#WebPKI

Nicolas Fränkel 🇪🇺🇺🇦🇬🇪

@frankel.ch

1 day ago

#WebPKI and You

https://blog.brycekerley

#HTTPS #TLS #certificates

CertKit - Certificate Management

@certkit.io

3 weeks ago

BygoneSSL happened to us We wrote about BygoneSSL and the 1.5 million domains with certificates owned by someone else. Then we bought certkit.dev and found one on our own domain. A DigiCert certificate, still valid for 98 day...

We bought certkit<.>dev and found someone else had a valid certificate for it. Tried to get it revoked: 6 emails, 24 hours, a support agent who called me "Tobb."

72 hours later, the cert is STILL trusted by every browser.

www.certkit.io/blog/bygones...

#WebPKI #CertificateManagement

Steef-Jan Wiggers

@steefjan.bsky.social

4 months ago

Cloudflare Proposes Merkle Tree Certificates to Solve Post-Quantum TLS Performance Issue Cloudflare's innovative Merkle Tree Certificates (MTCs) revolutionize WebPKI, enabling a seamless transition to Post-Quantum (PQ) cryptography without performance penalties. By minimizing TLS handshak...

#Cloudflare recently announced Merkle Tree Certificates (MTCs), a proposal brought to the Internet Engineering Task Force (IETF) that fundamentally redesigns the #WebPKI to enable a performance-neutral transition to Post-Quantum (PQ) cryptography. #infoq www.infoq.com/news/2025/11...

Aleksander Łukasz 🌱

@aflukasz.pl

7 months ago

Now that's a nice one: blog.nginx.org/blog/native-... . For now only http-01.

#nginx #acme #webpki

rmhrisk

@rmhrisk.bsky.social

9 months ago

The future of web trust isn't weaker enforcement. It's making the CPS the living, automated center of CA operations.

Policy must drive practice, not just scramble to document it. The security of 8 billion people depends on it. #WebPKI

groups.google.com/a/mozilla.or...

Renzume.

@renzume.com

1 year ago

DigiCert threatens legal action against Sectigo over critical Bugzilla comments about PKI security practices
https://bugzilla.mozilla.org/show_bug.cgi?id=1950144
#legalthreats #webpki #industrytransparency #corporateconflict #securitystandards

Seirdy

@seirdy.one

1 year ago

Certificate Transparency in Firefox Firefox 136 looks poised to enforce Certificate Transparency. It may be late, but combined with CRLite (and its other Web PKI progress), it seems to now be the

New microblog: Certificate Transparency in Firefox seirdy.one/notes/2025/0...

FF 136 looks poised to enforce CT. It may be late but when combined with CRLite, it may soon be the browser with the most robust Web PKI support.

#Firefox #WebPKI

Seirdy

@seirdy.one

1 year ago

Post-OCSP certificate revocation in the Web PKI OCSP, including OCSP Stapling, is leaving the Web PKI. Here's a complete look at revocation beyond OCSP: its past, present, and possible futures.

New blog post: "Post-OCSP certificate revocation in the Web PKI"
seirdy.one/posts/2024/0...

With OCSP going away, I look at the history and possible futures of certificate revocation. I threw in some of my own proposals to work alongside existing ones. #security #WebPKI #LetsEncrypt #TLS

Seirdy

@seirdy.one

1 year ago

In a blog post about cert revocation, I'll cover:
OCSP (stapling, must-staple, the never-adopted expect-staple, discontinuation from BoringSSL and Let's Encrypt)
CRLs, CRLite, and CRLSets.
Short-lived certs (ACME-STAR, Delegated Credentials, and notAfter)
Anything else I should cover?
#WebPKI #TLS