29 Sep 2022
Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.
Peter Eckersley, a security researcher and longtime activist for the Electronic Frontier Foundation (EFF), passed away on September 2. Eckersley was best known for having cofounded the Let’s Encrypt certificate authority. Throughout his life, he worked on various projects to improve TLS security.
One of Eckersley’s earlier projects related to TLS security was the creation of the EFF SSL Observatory in 2010. With an internet-wide scan, the project collected all certificates reachable via public IPv4 addresses. Such internet-wide scans are a common tool of security research today. By analyzing this data, Eckersley was able to show that various certificate authorities violated existing rules for certificates. The dataset is still available and can be downloaded for analysis. A video of a presentation at the Chaos Communication Congress from Eckersley and Jesse Burns discussing the SSL Observatory is available online.
Eckersley later developed a proposal for an alternative to the TLS certificate authority system called Sovereign Keys, but it was never practically implemented.
Later, Eckersley was also involved in the development of the HTTPS Everywhere browser extension. This extension would automatically send users to the HTTPS version of a web page if it was available both as HTTP and HTTPS. Last year the EFF announced that the HTTPS Everywhere extension is now deprecated—due to its success. HTTPS is now by and large the default on the web, and such an extension is no longer needed.
That HTTPS became so prevalent is also in part Eckersley’s work. Together with Alex Halderman, he started developing a protocol for the automated issuance of TLS certificates in 2012. The pair then learned about a team at Mozilla that wanted to start a free certificate authority, and they joined forces. The results of these efforts were the ACME protocol and the Let’s Encrypt certificate authority.
As all readers of this newsletter will probably know, Let’s Encrypt allows free and automated issuance of TLS certificates. It is likely that HTTPS was only able to become so prevalent on the web because these efforts made it easy and free to get TLS certificates.
Later in life, Eckersley founded the AI Objectives Institute, an organization working on the ethical issues tied to AI and machine learning technologies.
Eckersley was 43 years old. He had a lasting impact on the security of the internet and TLS and he will be missed.
Here are some things that caught our attention since the previous newsletter: