Lots of Go 1.20 Cryptography updates by @filippo: https://words.filippo.io/dispatches/go-1-20-cryptography/

Quantum algorithms for data analysis: https://quantumalgorithms.org/

Google open sourced a privacy-enhancing image blurring library and improvements to their fully homomorphic encryption transpiler:
https://developers.googleblog.com/2022/12/new-privacy-enhancing-technology-for-everyone.html

2022 update to this quantum computing progress chart: http://sam-jaques.appspot.com/quantum_landscape_2022

tl;dr Commendable progress, but we're still a long long way from factoring.

ACM CCS 2023 call for papers out now, first deadline Jan 19 2023 AoE: https://cispa.saarland/group/cremers/events/CCS2023/

New this year: Optional Artifact Evaluation!

I am pretty hyped up on how well Passkeys (FIDO2 multi-device support) work. I think it will be a security & usability gain over the status quo.

FIDO page: https://fidoalliance.org/passkeys/

Demos:
https://www.passkeys.io/
https://webauthn.io/

Chrome & Apple Support:
https://developer.apple.com/passkeys/
https://blog.chromium.org/2022/12/introducing-passkeys-in-chrome.html
https://developers.google.com/identity/passkeys/supported-environments

Google has a “confidential spaces” preview feature to let parties share a sensitive data in a trusted execution environment: https://cloud.google.com/docs/security/confidential-space

It looks like Microsoft has shipped an update to distrust TrustCor's root CA for certs issued after 2022-11-01.

Edge shows certs on a few spot-checked sites as revoked even when OCSP/CRL is valid. I found sites using this Censys query: https://search.censys.io/certificates?q=parsed.issuer.organization.raw%3A+%22TrustCor+Systems+S.+de+R.L.%22+and+parsed.validity.start%3A+%5B2022-11-02+TO+%2A%5D

crt.sh's tool and the results checked in here https://github.com/crtsh/root_programs/blob/master/sql/20221129_microsoft_authroot.sql#L95 shows the restriction parsed from the update cab file.

I'm not sure where I can actually get a verbose enough error to confirm it from Windows itself.

The ongoing discussion on Mozilla's dev-security-policy is https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4

Google is using PQ-crypto internally:
https://cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms

RT @USDigitalCorps@twitter.com

📣 Applications for our 2023 cohort are NOW OPEN! Join us and use your technology skills to help create a more effective, equitable government. Deadline to apply is 11/30 at 11:59pm ET https://digitalcorps.gsa.gov/apply/

🐦🔗: https://twitter.com/USDigitalCorps/status/1594723632449830913

Microsoft Monza is a research unikernel for a non-POSIX environment for running micro-service type workloads in the cloud. In-memory computation with no filesystem, registry or other locally persistent state: https://github.com/microsoft/monza/

👀🔜🫣

https://tailscale.com/blog/introducing-tailscale-funnel/

@lguelorget Real World Crypto for me.

Dispensing some career advice for friends in these interesting times.

Security Design of the AWS Nitro System

https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/security-design-of-aws-nitro-system.html

PDF:
https://docs.aws.amazon.com/pdfs/whitepapers/latest/security-design-of-aws-nitro-system/security-design-of-aws-nitro-system.pdf

Fourth round NIST PQC virtual conference is coming up: https://csrc.nist.gov/Events/2022/fourth-pqc-standardization-conference

Wondering about the direction that "scalable SGX" is taking

https://github.com/intel/linux-sgx/issues/899

@methodtim Random people made polite conversation here. It’s really jarring.