Cryptography

💬 This is a comment on 6-day and IP Address Certificates are Generally Available by Matthew McPherrin (via) Let’s Encrypt has just announced that short-lived1 certificates are generally available. They can also be used for IP addresses, which is especially useful for DNS over HTTPS. Those certificates could be smaller in the future, if information for validity checks is omitted. However, for now at least, these certificates still include revocation information. ...

A Man-in-the-Middle Attack I host my own instance of miniflux, an RSS reader. I do it as a hobby, I enjoy the learning opportunities that come along the way. One such opportunity presented itself in November 2023. Back then, a Man-in-the-Middle attack was reported against jabber.ru. You can go read the full details on that blog post, but let’s go over its main aspects. Without the attacker, a client connects directly to the jabber.ru server over TLS: ...

Announcement I’m now signing my git commit and tags with an SSH key. Details of the fingerprint can be found in the security document. It says that commit after 2024-01-01 are going to be signed, because I’m starting now on one machine and I will propagate the configuration over the next few days to other machines. Why Why bother with cryptographic signatures? Anyone can pretend to be me. They just need to write my name and email in the author fields of a commit message. However1, I’m the only one able to produce signatures with that particular public key. This will help to check that I’m actually the author of the commits and tags you rely on when using my code. ...