Certificate image standard published as RFC 6170
2011-May-11 21:18 Filed in:All, Protocols
Recently the certificate image standard developed by 3xA Security together with Russ Housley (IETF Chair), Adobe and in cooperation with VeriSign was adobted by the IETF as RFC 6170 (http://tools.ietf.org/html/rfc6170).
Read More...
Read More...
Microsoft supports EU Signature standard in Office 2010
Microsoft has decided to support the EU digital signature format XAdES in Office 2010.
Read more about this at: http://blogs.technet.com/office2010/archive/2009/12/08/digital-signitures-in-office-2010.aspx
This format builds on the XML Digital signature standard from W3C which is the globally accepted standard for XML signatures.
Read More...
Read more about this at: http://blogs.technet.com/office2010/archive/2009/12/08/digital-signitures-in-office-2010.aspx
This format builds on the XML Digital signature standard from W3C which is the globally accepted standard for XML signatures.
Read More...
Internationalization - A growing pain for Internet protocol design
International characters are becoming a growing pain for Internet protocol design.
Many protocols just deal with 7-bit ASCII on the basic protocol level while there is an increasing demand for information expression in local languages at the application layer. Various protocols like Internet mail and DNS has addressed this issue by defining conventions to carry international characters over 7-bit ASCII. The problem is rather straightforward as long as the task is limited to presentation of data in a local language context, but grows to a very hard problem when the task is expanded to comparison of canonicalized strings from different sources. The problem is even harder if consistency between visual matching and matching of encoded character strings is required.
The technical plenary at the 76th IETF in Hiroshima (November 8-13 2009) recently focused in on this particular problem. Read More...
Many protocols just deal with 7-bit ASCII on the basic protocol level while there is an increasing demand for information expression in local languages at the application layer. Various protocols like Internet mail and DNS has addressed this issue by defining conventions to carry international characters over 7-bit ASCII. The problem is rather straightforward as long as the task is limited to presentation of data in a local language context, but grows to a very hard problem when the task is expanded to comparison of canonicalized strings from different sources. The problem is even harder if consistency between visual matching and matching of encoded character strings is required.
The technical plenary at the 76th IETF in Hiroshima (November 8-13 2009) recently focused in on this particular problem. Read More...
TLS Cached Info update
I’m currently writing a new standard for TLS which will allow the client to cache big portions of static data exchanged during TLS handshake negotiations and allow the server to omit resending this data on consecutive handshakes, such as in consecutive re-negotiations.
My slides for the TLS meeting today at the Hiroshima IETF, showing the basic approach. is available here: Cached Info (PDF).
Read More...
My slides for the TLS meeting today at the Hiroshima IETF, showing the basic approach. is available here: Cached Info (PDF).
Read More...
Null Prefix attack against TLS Server Certificates
A new embarrassing attack was recently discovered and exploited on Server Certificates and their validation in many current browser environments.
The discovery is that current deployment of domain name matching between the domain expressed in the certificate and the domain protected by the certificate use string matching which treat character 00 (\0) as end of string.
Read More...
The discovery is that current deployment of domain name matching between the domain expressed in the certificate and the domain protected by the certificate use string matching which treat character 00 (\0) as end of string.
Read More...