When it comes to secure authentication, the web is in a much worse shape than email. But that's not due to email; it is the web that habitually ignores all the advances that are used everywhere else! Since the web is important, we want to extend HTTP with SASL, the general framework that works so well for almost all the other protocols.
>> Continue reading <<
With our TLS Pool, we are aiming at a wide variety of possible security mechanisms. The reason being, we would like to have more than one secure mechanism ready; if we encounter a problem with one we can then substitute another. In that light we are innovating on a few of the TLS CipherSuites.
>> Continue reading <<
We just released a new API version for the TLS Pool, with many improvements. There are still things missing, but these have mostly been designed and are in the process of being turned into code.
>> Continue reading <<
This is a report of things that are currently taking place in our work on the TLS Pool. Even if changes are currently made in a development branch, their impact is going to be major once it is checked into the mainstream branch.
>> Continue reading <<
In the way we run our web applications these days, it is very hard to get it secure. Web authors may not have the skills or be aware of the risks their site is running, and web hosting provider are not in the loop of maintenance for your application. It’s a lose-lose situation. But that could be remedied.
>> Continue reading <<