Posts – Page 16

articles

Web Architecture 2: Spoiling Script Kiddies?

The way we run our web applications these days makes it very hard to keep them secure. Web authors may lack the skills to secure a site or be unaware of the risks it is exposed to, and web hosting providers are not in the loop when it comes to maintaining your application. It's a lose-lose situation. But that could be remedied.


articles

Web Architecture 1: Stateless Applications?!?

It is common practice in today's world to provision services over the web protocol HTTP. This is a distortion of the original design philosophy of the web, and it leads to great inefficiencies. But fixing it is easy.


TLS

April 8th, 2014: SNI everywhere

Since support for XP is ending soon, and because IE on XP was the only realistic platform that fails to send SNI alongside its web requests, we can assume that SNI is everywhere. Or at least, that is a safe assumption from April 8th, 2014 onwards, when IE on XP is officially acknowledged by its maker as an insecure browser. (Others have said the same thing for much longer already.) So it is not illogical to stop supporting browsers without SNI.


TLS

SNItch

TLS servers often struggle with a limited number of ports. Even when using IPv6 there may be reasons why this problem shows up; backward compatibility with IPv4 and a desire for a single entry point for web traffic to your site are a few. SNItch makes it possible to switch between various backend servers based on the Server Name Indication contained in (at least) web traffic.

This article is part of a series of articles about TLS.


Global Directory

Global Directory 8: Secure Remote Passwords

Previous parts of this series have used the Global Directory for storing public authentication information in the form of public key material. These mechanisms are much better than the common poor man's choice of using passwords. Unfortunately, however, we are all poor men (and women) in some parts of our daily lives; we all use protocols and tools that are not capable of those advanced cryptographic exchanges. And a plethora of scripted web tools is not improving that! So the ideal would be to publish a password verification method in the Global Directory as well. The SRP mechanism makes this possible.

This article is part of a series of articles about the global directory.
