Mastodon

1 post1 participant0 posts today

Harry SintonenJust spent some quality time figuring out why HTTPS requests with incorrect system time would fail - even though the time was between the certificate NotBefore and NotAfter.OCSP stapling was the culprit. This adds a more strict "window of system time validity" due to the way the protocol works. The obvious reason for the smallish window is to allow caching, while reducing the replay attack possibilities. Thus, the system clock can't be backdated more than a few hours, regardless of certificate NotBefore. The system time can be more off towards the future.In our use case, we don't need to worry about revocation and hence we will just kill OCSP use. With this, we will still have the limits set by the certificate NotBefore and NotAfter, but at least they're more predictable and somewhat laxer.<a href="https://infosec.exchange/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a> <a href="https://infosec.exchange/tags/publickeyinfrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#publickeyinfrastructure</a> <a href="https://infosec.exchange/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a>

Preston Maness ☭<a href="https://mastodon.ml/@Xeniax" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Xeniax</a> Totally nerdsniped :D I'd love to be a part of the study.I don't think that <a href="https://tenforward.social/tags/KeyServers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KeyServers</a> are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at <a href="https://keys.openpgp.org/about" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://keys.openpgp.org/about</a> . More generally, I believe that <a href="https://tenforward.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a> / <a href="https://tenforward.social/tags/GPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GPG</a> / <a href="https://tenforward.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenPGP</a> retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like <a href="https://tenforward.social/tags/Matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Matrix</a>, <a href="https://tenforward.social/tags/SignalMessenger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SignalMessenger</a>) where deniability (and Perfect Forward Secrecy generally) is prioritized. Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the <a href="https://tenforward.social/tags/KeyOxide" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KeyOxide</a> project).Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: <a href="https://crypto.stackexchange.com/questions/9268/is-asynchronous-perfect-forward-secrecy-possible" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crypto.stackexchange.com/questions/9268/is-asynchronous-perfect-forward-secrecy-possible</a>).To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "i need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with <a href="https://tenforward.social/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a> leaves me green with envy.

MathisHeutiger Aha-Moment: <a href="https://norden.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a>-Key-Verteilung über die eigene <a href="https://norden.social/tags/Webseite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Webseite</a>, komplett ohne zentralisierte <a href="https://norden.social/tags/Keyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Keyserver</a> o.ä. - sehr schön! Gleich eingerichtet. ✅ Macht Ihr auch mit?<a href="https://blog.mister-muffin.de/2025/03/31/til-openpgp-web-key-directory/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.mister-muffin.de/2025/03/31/til-openpgp-web-key-directory/</a><a href="https://norden.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GnuPG</a> <a href="https://norden.social/tags/GPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GPG</a> <a href="https://norden.social/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a>

Cuz :twit:This is what innovation can do!<a href="https://twit.social/tags/AirGapped" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AirGapped</a> <a href="https://twit.social/tags/Offline" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Offline</a> <a href="https://twit.social/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a> <a href="https://twit.social/tags/PrivateKeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivateKeys</a> <a href="https://twit.social/tags/TwoFactor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TwoFactor</a>- <a href="https://twit.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> <a href="https://twit.social/tags/Yubico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Yubico</a> <a href="https://twit.social/tags/Yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Yubikey</a> ======Vincent Bernat Turns Three YubiKeys and a Cheap Single-Board Computer Into a Secure Offline PKI <a href="https://www.hackster.io/news/vincent-bernat-turns-three-yubikeys-and-a-cheap-single-board-computer-into-a-secure-offline-pki-1735b4ad7fc2" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.hackster.io/news/vincent-bernat-turns-three-yubikeys-and-a-cheap-single-board-computer-into-a-secure-offline-pki-1735b4ad7fc2</a>--- Developer Vincent Bernat demonstrates how to turn three Yubico YubiKey USB two-factor authentication dongles into an offline public key infrastructure (PKI) using a low-cost single-board computer as an air-gapped host.

NetzpalaverNahezu jedes fünfte Online-Zertifikat birgt Sicherheitsrisiken<a href="https://social.tchncs.de/tags/Authentifizierung" class="mention hashtag" rel="tag">#Authentifizierung</a> <a href="https://social.tchncs.de/tags/Datenverschl%C3%BCsselung" class="mention hashtag" rel="tag">#Datenverschlüsselung</a> <a href="https://social.tchncs.de/tags/DigitalTrust" class="mention hashtag" rel="tag">#DigitalTrust</a> @Keyfactor <a href="https://social.tchncs.de/tags/OnlineZertifikat" class="mention hashtag" rel="tag">#OnlineZertifikat</a> <a href="https://social.tchncs.de/tags/PKI" class="mention hashtag" rel="tag">#PKI</a> <a href="https://social.tchncs.de/tags/PublicKeyInfrastructure" class="mention hashtag" rel="tag">#PublicKeyInfrastructure</a> <a href="https://social.tchncs.de/tags/Schwachstelle" class="mention hashtag" rel="tag">#Schwachstelle</a><a href="https://netzpalaver.de/2025/03/19/nahezu-jedes-fuenfte-online-zertifikat-birgt-sicherheitsrisiken/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://netzpalaver.de/2025/03/19/nahezu-jedes-fuenfte-online-zertifikat-birgt-sicherheitsrisiken/</a>

CassanderIs today <a href="https://infosec.exchange/tags/FediHire" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FediHire</a> Friday? Sure looks like it!What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large environment. Interested in relocating outside of the US. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively.My main focus the last few years has been rebuilding and modernizing a struggling certificate management team. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack, getting a handle on our web PKI consumption, and making massive improvements to our certificate lifecycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My background in understanding deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've been training and teaching junior and mid-level engineers both practical PKI concepts and our specific enterprise requirements. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective. In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can do their best. Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world. PMs open if you want to talk details. Boosts/reshares appreciated.<a href="https://infosec.exchange/tags/Job" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Job</a> <a href="https://infosec.exchange/tags/GetFediHired" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GetFediHired</a> <a href="https://infosec.exchange/tags/ITJobs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITJobs</a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://infosec.exchange/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ActiveDirectory</a> <a href="https://infosec.exchange/tags/Certificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificate</a> <a href="https://infosec.exchange/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a> <a href="https://infosec.exchange/tags/Azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Azure</a> <a href="https://infosec.exchange/tags/Migration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Migration</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSecurity</a>

Dyne.org foundation🔥 Forkbomb B.V. is a member of the PKI Consortium!The Public Key Infrastructure Consortium unites leading organizations to enhance trust in assets and communication via PKI, improving internet security. By collaborating with users, regulators, and stakeholders, the consortium tackles real-world issues effectively. 🔗 <a href="https://pkic.org/members/forkbomb/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://pkic.org/members/forkbomb/</a><a href="https://toot.community/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a> <a href="https://toot.community/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a>

NetzpalaverRisikomanagement von Zertifikaten<a href="https://social.tchncs.de/tags/CommandRiskIntelligence" class="mention hashtag" rel="tag">#CommandRiskIntelligence</a> @Keyfactor <a href="https://social.tchncs.de/tags/PKI" class="mention hashtag" rel="tag">#PKI</a> <a href="https://social.tchncs.de/tags/PKIaaS" class="mention hashtag" rel="tag">#PKIaaS</a> <a href="https://social.tchncs.de/tags/PostQuantumKryptografie" class="mention hashtag" rel="tag">#PostQuantumKryptografie</a> <a href="https://social.tchncs.de/tags/Risikomanagement" class="mention hashtag" rel="tag">#Risikomanagement</a> <a href="https://social.tchncs.de/tags/Zertifikat" class="mention hashtag" rel="tag">#Zertifikat</a> <a href="https://social.tchncs.de/tags/Zertifikatsrisiko" class="mention hashtag" rel="tag">#Zertifikatsrisiko</a><a href="https://netzpalaver.de/2025/03/06/risikomanagement-von-zertifikaten/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://netzpalaver.de/2025/03/06/risikomanagement-von-zertifikaten/</a>

Milan KazarkaFeel free to test this - <a href="https://testflight.apple.com/join/FRMUTdnW" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://testflight.apple.com/join/FRMUTdnW</a> - an app I'm working on for verification of authorship of photos (through PKI challenges - through the stored private keys of the author) - for more info feel free to contact me. - The project page is at <a href="https://2p0.space" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://2p0.space</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/testing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#testing</a> <a href="https://infosec.exchange/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a>

Marcus LundbladThe SignServer team is happy to announce the community release of SignServer 7.0.0:<a href="https://github.com/Keyfactor/signserver-ce/releases/tag/v7.0.0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Keyfactor/signserver-ce/releases/tag/v7.0.0</a><a href="https://fosstodon.org/tags/SignServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SignServer</a> <a href="https://fosstodon.org/tags/Keyfactor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Keyfactor</a> <a href="https://fosstodon.org/tags/KeyfactorCommunity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KeyfactorCommunity</a> <a href="https://fosstodon.org/tags/codesigning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#codesigning</a> <a href="https://fosstodon.org/tags/DigitalSign" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalSign</a> <a href="https://fosstodon.org/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a> <a href="https://fosstodon.org/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Larvitz :fedora: :redhat:Let's Encrypt soon starts offering TLS certificates with just 6 days of lifetime. It's just an option and the 90 day certs are also still offered but I doubt that this will add a lot of security.<a href="https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/</a>Based on the number of occasions, I already had problems with the 90days renewals in the past (software bugs and human error), I see this the value in this move rather sceptical.<a href="https://burningboard.net/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a> <a href="https://burningboard.net/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#letsencrypt</a> <a href="https://burningboard.net/tags/certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#certificates</a> <a href="https://burningboard.net/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a>

mkj<a href="https://social.uggs.io/@chris" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@chris</a> This sounds very similar to HTTP Public Key Pinning (HPKP), and sounds like it could have much the same issues and failure modes as HPKP. Only obvious difference being that you're proposing DNS as the delivery mechanism whereas HPKP used HTTP response headers, so it would generalize more readily to non-HTTP protocols.<a href="https://social.mkj.earth/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a> <a href="https://social.mkj.earth/tags/HPKP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HPKP</a>

Christian🚨 Fixing the PKI Mess: CAA + Your Own CA via DNS 🚨 Right now, any CA can issue a certificate for your domain. Even if you set a CAA record (`issue "letsencrypt.org"`), it only controls *who* can issue, not what cert is valid. This is broken. 🔐 What if we could fix this using DNS? <a href="https://social.uggs.io/tags/Introducing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Introducing</a> CAA+CA Fingerprint: Self-Sovereign Certificate Authority Instead of just saying *which CA can issue*, you publish your own CA's fingerprint in DNS. If your CA issues a cert for `awesomecars.com`, browsers should validate it against the DNS-published CA key. 🔥 How It Works You run your own CA (because why trust the cartel?). You then publish: 1️⃣ A CAA record specifying your own CA (with a fingerprint! 🔥) 2️⃣ A DNS record with your CA’s public key (like DKIM but for TLS!) 🔹 Example DNS Setup for `awesomecars.com`: ``` awesomecars.com. IN CAA 0 issue "pki.awesomecars.com; sha256=abcd1234..." pki.awesomecars.com. IN CERT 6 0 0 (--BEGIN CERTIFICATE-- ....) ``` Now, only certs signed by your CA are valid for `awesomecars.com`, even if another CA is tricked into issuing a rogue cert. No more CA hijacking! 🚀 Why Is This Better Than the Current CA Model? ✅ Self-Sovereign Identity: If you own the domain, you should own its PKI. ✅ Prevents Rogue Certs: No government or rogue CA can fake a cert for your domain. ✅ Works Like DKIM for Email: Your CA’s public key is stored in DNSSEC-protected records, just like DKIM keys for email signing. ✅ No More External Trust Issues: You control your CA entirely, instead of relying on Google’s CA store. ✅ Perfect for Self-Hosting & Internal Networks: No need for external CA trust—your DNS is your trust model. 🔥 Why Isn’t This a Thing Already? Big Tech hates this idea because it removes their control: ❌ Google wants Certificate Transparency (CT), where they control which certs are logged. ❌ Commercial CAs make $$$ selling certs. This kills their business. ❌ DNSSEC adoption is intentionally kept low by the same companies who don’t want this to succeed. Browsers refuse to support TLSA for the same reason—they want centralized CA trust, not self-hosted PKI. 🔗 Who Needs to Implement This? 🚀 Self-hosters & Homelabs: Use this for your own infrastructure. 🚀 Email providers: Stop relying on public CAs! 🚀 Privacy-focused projects (Tor, Matrix, XMPP, Fediverse, etc.): A true decentralized PKI alternative. 🚀 Fediverse devs: Let’s push for DNS-based CA validation! What do you think? Would you trust your own CA in DNS over some random commercial CA? 🔁 Boost this if you want a decentralized PKI revolution! 🔥 This keeps the focus on self-hosting your own CA, highlights the security flaws of current PKI, and calls out Big Tech’s resistance to decentralized trust. <a href="https://social.uggs.io/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a> <a href="https://social.uggs.io/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.uggs.io/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> <a href="https://social.uggs.io/tags/DANE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DANE</a> <a href="https://social.uggs.io/tags/TLSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLSA</a> <a href="https://social.uggs.io/tags/CAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CAA</a> <a href="https://social.uggs.io/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfHosting</a> <a href="https://social.uggs.io/tags/Fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fediverse</a> <a href="https://social.uggs.io/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://social.uggs.io/tags/Decentralization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Decentralization</a> <a href="https://social.uggs.io/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://social.uggs.io/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a>

ChristianWhy oh why do Browsers not check TLSA records? We could break free of the messy PKI infrastructure.<a href="https://social.uggs.io/tags/firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#firefox</a> <a href="https://social.uggs.io/tags/chrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#chrome</a> <a href="https://social.uggs.io/tags/safari" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#safari</a> <a href="https://social.uggs.io/tags/browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#browser</a> <a href="https://social.uggs.io/tags/ca" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ca</a> <a href="https://social.uggs.io/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a> <a href="https://social.uggs.io/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://social.uggs.io/tags/internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#internet</a>

gary<a href="https://infosec.exchange/@Em0nM4stodon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Em0nM4stodon</a> not only is it good opsec but for biz in particular they want and need secure comms - just to conduct business <a href="https://infosec.exchange/tags/alice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#alice</a> and bob <a href="https://infosec.exchange/tags/bb84" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bb84</a> <a href="https://infosec.exchange/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a> <a href="https://infosec.exchange/tags/qkd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#qkd</a> <a href="https://infosec.exchange/tags/5g" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#5g</a> security <a href="https://infosec.exchange/tags/evercookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#evercookie</a>

Marcus Regenberg | marreg<a href="https://digitalcourage.social/tags/NetHSM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetHSM</a> - Das vertrauenswürdige, offene Hardware-Sicherheitsmodul, das einfach funktioniert🇨🇭 Sicherer Speicher für kryptografische Schlüssel (z. B. <a href="https://digitalcourage.social/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> von <a href="https://digitalcourage.social/tags/Webservern" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Webservern</a>, <a href="https://digitalcourage.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a>, <a href="https://digitalcourage.social/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a>, <a href="https://digitalcourage.social/tags/CA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CA</a>, <a href="https://digitalcourage.social/tags/Blockchain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Blockchain</a>) 🇨🇭 <a href="https://digitalcourage.social/tags/OffenerQuellcode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffenerQuellcode</a> ermöglicht die Überprüfung, dass keine Hintertüren enthalten sind 🇨🇭 Einfach zu bedienen durch moderne <a href="https://digitalcourage.social/tags/REST" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#REST</a>-Schnittstelle und moderne Software-Tools 🇨🇭 Hergestellt in Deutschland→ <a href="https://www.nitrokey.com/de/produkte/nethsm" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.nitrokey.com/de/produkte/nethsm</a><a href="https://digitalcourage.social/tags/madeingermany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#madeingermany</a>

NetzpalaverWarum digitale Zertifikate manuell weder effektiv noch effizient gemanagt werden können<a href="https://social.tchncs.de/tags/Compliance" class="mention hashtag" rel="tag">#Compliance</a> <a href="https://social.tchncs.de/tags/DigitaleZertifikate" class="mention hashtag" rel="tag">#DigitaleZertifikate</a> <a href="https://social.tchncs.de/tags/IoT" class="mention hashtag" rel="tag">#IoT</a> @Keyfactor <a href="https://social.tchncs.de/tags/PKI" class="mention hashtag" rel="tag">#PKI</a> <a href="https://social.tchncs.de/tags/PKIasaService" class="mention hashtag" rel="tag">#PKIasaService</a> <a href="https://social.tchncs.de/tags/PublicKeyInfrastructure" class="mention hashtag" rel="tag">#PublicKeyInfrastructure</a> <a href="https://social.tchncs.de/tags/Zertifikatswildwuchs" class="mention hashtag" rel="tag">#Zertifikatswildwuchs</a><a href="https://netzpalaver.de/2025/01/20/warum-digitale-zertifikate-manuell-weder-effektiv-noch-effizient-gemanagt-werden-koennen/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://netzpalaver.de/2025/01/20/warum-digitale-zertifikate-manuell-weder-effektiv-noch-effizient-gemanagt-werden-koennen/</a>

Jens Brückner 😷 :debian:New <a href="https://social.tchncs.de/tags/year" class="mention hashtag" rel="tag">#year</a>, new <a href="https://social.tchncs.de/tags/hope" class="mention hashtag" rel="tag">#hope</a>, new <a href="https://social.tchncs.de/tags/trust" class="mention hashtag" rel="tag">#trust</a>. All <a href="https://social.tchncs.de/tags/servers" class="mention hashtag" rel="tag">#servers</a> and <a href="https://social.tchncs.de/tags/instances" class="mention hashtag" rel="tag">#instances</a> <a href="https://social.tchncs.de/tags/docker" class="mention hashtag" rel="tag">#docker</a> <a href="https://social.tchncs.de/tags/kubernetes" class="mention hashtag" rel="tag">#kubernetes</a> <a href="https://social.tchncs.de/tags/k8" class="mention hashtag" rel="tag">#k8</a> are now running with renewed <a href="https://social.tchncs.de/tags/certificates" class="mention hashtag" rel="tag">#certificates</a>. <a href="https://social.tchncs.de/tags/ssl" class="mention hashtag" rel="tag">#ssl</a> <a href="https://social.tchncs.de/tags/tls" class="mention hashtag" rel="tag">#tls</a> <a href="https://social.tchncs.de/tags/openssl" class="mention hashtag" rel="tag">#openssl</a> <a href="https://social.tchncs.de/tags/openvpn" class="mention hashtag" rel="tag">#openvpn</a> <a href="https://social.tchncs.de/tags/shell" class="mention hashtag" rel="tag">#shell</a> <a href="https://social.tchncs.de/tags/cli" class="mention hashtag" rel="tag">#cli</a> <a href="https://social.tchncs.de/tags/key" class="mention hashtag" rel="tag">#key</a> <a href="https://social.tchncs.de/tags/req" class="mention hashtag" rel="tag">#req</a> <a href="https://social.tchncs.de/tags/crt" class="mention hashtag" rel="tag">#crt</a> Become your own certificate authority (CA), with <a href="https://social.tchncs.de/tags/easyrsa" class="mention hashtag" rel="tag">#easyrsa</a> <a href="https://social.tchncs.de/tags/pki" class="mention hashtag" rel="tag">#pki</a> <a href="https://social.tchncs.de/tags/ca" class="mention hashtag" rel="tag">#ca</a>

NetzpalaverWas die neue Bekanntmachung des NIST für die Umstellung auf die Quantenkryptographie bedeutet<a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="tag">#Cybersecurity</a> <a href="https://social.tchncs.de/tags/Cybersicherheit" class="mention hashtag" rel="tag">#Cybersicherheit</a> @Keyfactor <a href="https://social.tchncs.de/tags/NIST" class="mention hashtag" rel="tag">#NIST</a> <a href="https://social.tchncs.de/tags/PKI" class="mention hashtag" rel="tag">#PKI</a> <a href="https://social.tchncs.de/tags/PQC" class="mention hashtag" rel="tag">#PQC</a> <a href="https://social.tchncs.de/tags/Quantencomputer" class="mention hashtag" rel="tag">#Quantencomputer</a> <a href="https://social.tchncs.de/tags/Quantenkryptographie" class="mention hashtag" rel="tag">#Quantenkryptographie</a> <a href="https://social.tchncs.de/tags/Verschl%C3%BCsselung" class="mention hashtag" rel="tag">#Verschlüsselung</a><a href="https://netzpalaver.de/2025/01/16/was-die-neue-bekanntmachung-des-nist-fuer-die-umstellung-auf-die-quantenkryptographie-bedeutet/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://netzpalaver.de/2025/01/16/was-die-neue-bekanntmachung-des-nist-fuer-die-umstellung-auf-die-quantenkryptographie-bedeutet/</a>

Peter N. M. Hansteenrpki-client 9.4 released <a href="https://www.undeadly.org/cgi?action=article;sid=20250108100744" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20250108100744</a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openbsd</a> <a href="https://mastodon.social/tags/rpki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rpki</a>-client <a href="https://mastodon.social/tags/rpki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rpki</a> <a href="https://mastodon.social/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a> <a href="https://mastodon.social/tags/routing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#routing</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networking</a>

Recent searches

Search options

Administered by:

Server stats:

#pki