Yeah I feel a LOT more secure with #CertificateTransparency. A few minutes after running ACME on my fresh domain, 5 bots visit me to try and exploit my site, and #Google pays a visit.
It's a technology that's not useful for me, but one that I'm forced to use. It's useful for #BigTech and criminals. That's probably why CT looks like, swims like and quacks like a #blockchain.
#certificatetransparency #google #bigtech #blockchain
WordPress: Attacked even during installation
Even before the system goes live, attackers have often backdoored it unnoticed. That is because they show up on the doorstep within just a few minutes.
#Backdoor #CertificateTransparency #Wordpress #Zertifikate #News
#backdoor #certificatetransparency #wordpress #zertifikate #news
RT @heisec
WordPress: Attacked even during installation https://www.heise.de/news/Wordpress-Attackiert-schon-waehrend-der-Installation-7364588.html #CertificateTransparency #Hintertür
#hintertur #certificatetransparency
#Golem - That is really sensationalist. Of course one can and should report on questionable #CA s in browsers (#Browsern). In times of #CertificateTransparency, the problem is also nowhere near as big as portrayed. Slightly calmer reporting would really do you good.
#golem #ca #browsern #certificatetransparency
I've been predicting this for years.
TLDR: #CertificateTransparency will kill off CAs without making you much safer, eventually resulting in global Internet censorship. @letsencrypt will accelerate.
#DPKI only solution out of this.
#certificatetransparency #dpki
Is #CertificateTransparency usable? by Emily Stark (Google)
https://www.youtube.com/watch?v=e_rwG7MA5VU
Good talk!
Startcom is no longer a trusted CA, but it managed to bring further shame onto itself by being a poor #CertificateTransparency log operator. They will cease that activity shortly: https://groups.google.com/a/chromium.org/d/msg/ct-policy/92HIh2vG6GA/hBEHxcpoCgAJ #infosec #TLS #X509
#certificatetransparency #infosec #tls #x509
@jerry @JohnnyC I was referring to the more general notion of using an append-only ordered log, "à la" #CertificateTransparency, where there is a trustworthy/auditable notary. The goal is not to kick anyone out, but instead to have a centralized notary of user handles, thus avoiding merge conflicts.
The confusion comes from the fact that I should have referred to General Transparency instead of CT (https://github.com/google/trillian/blob/master/docs/VerifiableDataStructures.pdf)
@JohnnyC @jerry Nah, not really. (Let's encrypt) LE is actually one of the entities that are audited by #CertificateTransparency. All certificates that LE emits are inserted in #CertificateTransparency log servers for monitoring by the domain name holders and the #infosec community.
There was a very good intro to #CertificateTransparency at the latest #CCC conference: https://media.ccc.de/v/33c3-8167-everything_you_always_wanted_to_know_about_certificate_transparency
My own #CertificateTransparency slidedeck is in French.
#certificatetransparency #infosec #ccc
@jerry @JohnnyC Yeah. I am actually not a great fan of blockchain space heaters :) I like the idea of a centralized notary that can be audited, and which has a reputation to uphold. That's why I believe in #CertificateTransparency
#introduction: Hey! I am a network security specialist, teacher and researcher, living in #France. My main interests/skills are #DNS, #SecureMessaging (#OMEMO, #Signal, #OTR, #OpenPGP/#GnuPG), #TLS, #CertificateTransparency, #Web, #SecureProgramming. I mainly develop in #GoLang and #Python, although I have done a fair amount of #PHP in the past.
#introduction #france #dns #securemessaging #omemo #signal #otr #openpgp #tls #certificatetransparency #web #secureprogramming #golang #python #php
@jerry @JohnnyC A copy of the master address list at each node would be a call for merge conflicts. A centralized log, similar to the #CertificateTransparency notary system, could do though, or a namecoin-like one using a blockchain system as a decentralized notary.