(soon a blog post) Thinking about setting up a little cooperative called #nerdcert. Where we use letsencrypt style certificate generation, renewals and distribution, with ACME support, but only for certificates that have EKU (Extended Key Usage) entries that go beyond serverAuth, the only thing Google will accept from mid next year :) Context: Thread and replies at https://social.wildeboer.net/@jwildeboer/114517884390728050 | social.wildeboer.net
TIL OpenSSL still uses 3DES as the default for S/MIME encryption 🤯| gruene.social
Since NIST updated its password recommendations in 2017, a lot has changed. Although there are still plenty of applications that rely on the old-fashioned complexity-based rules (lower case, upper case, numbers, special characters… you know the drill), a lot has improved.| Articles – Lutra Security
If we reinvent the wheel, it’s safe to say that initially it probably won’t run as smoothly as the one that’s been around for more than 6,000 years. So if all you need is a wheel and you’re not trying to sell a new wheel, it’s a good idea to stick with the existing design. The same goes for software. If you just need a functionality, the best solution is usually to use something that already exists, a library that has already implemented it.| Articles – Lutra Security
If you remember kobold letters, you already know not to blindly trust emails. But it’s not just HTML emails that can be deceiving. In this article, we’ll take a look at S/MIME and how we can use the concept of invisible salamanders to craft messages that tell each recipient a different story. Let’s talk about Salamander/MIME.| lutrasecurity.com
Jan Wildeboer’s thread on setting up a cooperative CA inspired me to finally write down (and then forget about them again for over a week) my thoughts on a related topic: Email encryption. With PGP and S/MIME, we already have two mature solutions for sending encrypted emails that have been around for decades. And while there are a few issues here and there, we can essentially consider the problem solved. If it wasn’t for the UX…| Konstantin Weddige
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious security risk.| lutrasecurity.com