31 May 2023
Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Ivan Ristić.
For many, fully protected communication with end-to-end encryption is the ultimate destination of communication protocols. It seems that we got close to it in recent years, finding the right combination of technology, usability, and public awareness and popularity. The deciding factor was the paradigm shift of transitioning to mobile devices and messengers for most of our communication. The latest applications are all promoting their privacy-preserving capabilities in one shape or another.
These developments have not gone unnoticed by governments worldwide. Improvements in the security of network communications are detrimental to signals intelligence (SIGINT), which is at the cornerstone of intelligence gathering. A decade ago, most communications may have been in plaintext. Today, there is less and less data to consume and analyze. As a result, governments have been working continuously to find new sources of information as well as embed themselves in the communication channels.
This month, for example, it came to light that the European Council continues to discuss scanning of all interpersonal communication and is also considering expanding the scope of its legislation to include audio. This came on the back of leaked legal advice that highlights many issues with the proposed plans.
Ashton Kutcher apparently spoke to the European Parliament in support of client-side scanning of private communication. Who knew? Cryptographer Matthew Green is worried that politicians won’t understand what the proposed technology can and cannot do.
In the US, the STOP CSAM Act could make encryption illegal, according to some opinions. According to leaked information, EU and US officials held talks in March and agreed to jointly pursue lawful access to private encrypted information.
If you recall, last month, representatives of leading messenger applications wrote to the British government to oppose the Online Safety Bill. In India, messenger applications are already blocked. This month, Element became the fourteenth messaging app to be blocked by the Central Indian Government.
This subscription is just for the newsletter; we won't send you anything else.
Here are some things that caught our attention since the previous newsletter:
Designed by Ivan Ristić, the author of SSL Labs, Bulletproof TLS and PKI, and Hardenize, our course covers everything you need to know to deploy secure servers and encrypted web applications.
Remote and trainer-led, with small classes and a choice of timezones.
Join over 2,000 students who have benefited from more than a decade of deep TLS and PKI expertise.