The Electronic Frontier Foundation is weighing in on the European Union’s “encryption roadmap,” which continues to push for access to private communication. https://www.eff.org/deeplinks/2025/06/eus-encryption-roadmap-makes-everyone-less-safe
The place for TLS and PKI education. Publishers of Bulletproof TLS and PKI. Authors of Practical TLS and PKI training. Monthly Bulletproof TLS Newsletter.
Frank Denis makes a passionate plea for better user interfaces for OpenSSL cipher suite selection. https://00f.net/2025/06/06/cipher-suites/
Researchers have discovered a novel tracking method, used by Meta and Yandex, that affected the privacy and security of potentially billions of Android users. The clever technique relied on the sharing of information between (1) websites running in browsers and (2) native apps that were designed especially for this purpose. https://localmess.github.io
The European Union has published its guidelines for migration to post-quantum cryptography. The timelines are as follows: triage by the end of 2026, migration of high-risk properties by the end of 2030, and migration of the remaining properties by the end of 2035. https://digital-strategy.ec.europa.eu/en/library/coordinated-implementation-roadmap-transition-post-quantum-cryptography
Cryptography & Security Newsletter is out! In this issue:
- Internet PKI to Integrate DNSSEC
- Short News
https://www.feistyduck.com/newsletter/issue_126_internet_pki_to_integrate_dnssec
HAProxy wrote about the state of TLS libraries. https://www.haproxy.com/blog/state-of-ssl-stacks
John Young, cofounder of web archive Cryptome https://cryptome.org, has died. The Register spoke to his friends and peers. https://www.theregister.com/2025/05/24/john_young_obituary/
The Internet Security Research Group (ISRG) is branching from certificates into the human digital identity space. https://www.abetterinternet.org/post/humandigitalidentityspace/
To reap the security benefits of passkeys, we need to make a leap and embrace a password-less future. Microsoft is doing just that, with new accounts skipping passwords altogether and existing accounts given an option to delete their existing passwords. https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/
Cryptography & Security Newsletter: The UK government announced that it will deploy passkeys as an alternative to the current text-based two-factor authentication approach. https://www.ncsc.gov.uk/news/government-adopt-passkey-technology-digital-services
More about passkeys gaining momentum: https://www.feistyduck.com/newsletter/issue_125_passkeys_gain_momentum
Cryptography & Security Newsletter is out! In this issue:
- Passkeys Gain Momentum
- Short News
https://www.feistyduck.com/newsletter/issue_125_passkeys_gain_momentum
New dates! Practical TLS and PKI, Sep 22-25. From Ivan Ristic, based on the Bulletproof book, with lots of exercises to give you hands-on experience. Your teacher will be Scott Helme. And now is a good time to grab an Early Bird ticket ($300 off).
https://www.feistyduck.com/training/practical-tls-and-pki
Our final TLS and PKI Training before the summer will take place on 3-6 June. Four half-days, with real-world exercises to work on during the training and afterwards. With Scott Helme and from Ivan Ristic. Join us! https://www.feistyduck.com/training/practical-tls-and-pki
Four weeks until the next Practical TLS and PKI Training - Join Scott Helme on June 3-6 to learn how to deploy secure servers and design secure web applications. Four half days, Pacific Time AM. From Ivan Ristic.
https://www.feistyduck.com/training/practical-tls-and-pki
Cryptography & Security Newsletter is out! In this issue:
- Certificate Lifetimes to Shrink to Just Forty-Seven Days
- Other News
https://www.feistyduck.com/newsletter/issue_124_certificate_lifetimes_to_shrink_to_just_forty_seven_days
From the newsletter: To support its CRLite effort, Mozilla updated its Root Store Policy in March, making a stronger push to ensure that CAs are revoking certificates in a timely manner and that they’re able to respond to high-volume situations. https://blog.mozilla.org/security/2025/03/12/enhancing-ca-practices-key-updates-in-mozilla-root-store-policy-v3-0/
Cryptography & Security Newsletter is out! In this issue:
- Mozilla Fixes Certificate Revocation Checking
- Certificate Transparency
- Post-Quantum Cryptography
- Other News
https://www.feistyduck.com/newsletter/issue_123_mozilla_fixes_certificate_revocation_checking
New dates for Practical TLS and PKI Training! 3-6 June, 8am-11:30am PT. We have a small number of Early Bird tickets, so it's a good time to book! From Ivan Ristic and with Scott Helme. https://www.feistyduck.com/training/practical-tls-and-pki
Cryptography & Security Newsletter is out! In this issue:
- QWAC Technical Details Emerge
- No Advanced Data Protection for the UK
- Short News
https://www.feistyduck.com/newsletter/issue_122_qwac_technical_details_emerge
We have updated our SSL/TLS and PKI History! Check out the latest developments: https://www.feistyduck.com/ssl-tls-and-pki-history/