
Cryptography & Security Newsletter

Newsletter Archive

Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić.

2025


  • #126 Internet PKI to Integrate DNSSEC 30 Jun 2025
  • #125 Passkeys Gain Momentum 29 May 2025
  • #124 Certificate Lifetimes to Shrink to Just Forty-Seven Days 30 Apr 2025
  • #123 Mozilla Fixes Certificate Revocation Checking 31 Mar 2025
  • #122 QWAC Technical Details Emerge 28 Feb 2025
  • #121 The Slow Death of OCSP 30 Jan 2025
2024


    • #120 Short-Lived Certificates Are Coming in 2025 31 Dec 2024
    • #119 NIST Publishes Roadmap for Post-Quantum Transition 28 Nov 2024
    • #118 Apple Wants to Limit Certificates to Forty-Five Days 31 Oct 2024
    • #117 Smart TVs Are Watching You 26 Sep 2024
    • #116 Post-Quantum Cryptography Arrives 29 Aug 2024
    • #115 RADIUS/UDP Considered Harmful 30 Jul 2024
    • #114 Entrust in Trouble 27 Jun 2024
    • #113 EU Clings to the Pervasive Surveillance Dream 30 May 2024
    • #112 Facebook Used MITM to Spy on Competition 30 Apr 2024
    • #111 European Union Starts to Confront Digital Platforms’ Dominance 28 Mar 2024
    • #110 Apple’s New Messaging Protocol Raises the Bar for Post-Quantum Security 29 Feb 2024
    • #109 CA/Browser Forum Adopts CAA for S/MIME Certificates 31 Jan 2024
2023


      • #108 SSH Protocol Vulnerable to MITM Attack 29 Dec 2023
      • #107 European Union Presses Ahead with Article 45 30 Nov 2023
      • #106 Encrypted Client Hello and the Last Network Privacy Gap 31 Oct 2023
      • #105 Microsoft’s Compromised Private Key 27 Sep 2023
      • #104 VPNs Still Don’t Work 30 Aug 2023
      • #103 RFC 9420: Messaging Layer Security 27 Jul 2023
      • #102 Four CA Stories: The Good (Times Two), the Bad, and the Ugly 29 Jun 2023
      • #101 End-to-End Encryption under Attack 31 May 2023
      • #100 OpenSSL Cookbook Released Under CC BY-NC 26 Apr 2023
      • #99 Sabre CT Log Issued Invalid SCTs 29 Mar 2023
      • #98 CAA Expands into New Use Cases 28 Feb 2023
      • #97 Password Managers and PBKDF2 in the Spotlight 31 Jan 2023

2022


      • #96 TrustCor Not Trusted 29 Dec 2022
      • #95 The Battle of QWACs Is in Full Swing 30 Nov 2022
      • #94 OpenSSL fixes buffer overflows in certificate parsing 1 Nov 2022
      • #93 In memory of Peter Eckersley 29 Sep 2022
      • #92 The end of SIDH and SIKE 31 Aug 2022
      • #91 NIST announces preliminary winners of post-quantum competition 28 Jul 2022
      • #90 Hertzbleed shows how CPU frequency scaling can lead to side-channel attacks 30 Jun 2022
      • #89 Certificate Transparency data is used to compromise WordPress before installation 31 May 2022
      • #88 Two zeros bypass Java’s ECDSA signature check 28 Apr 2022
      • #87 Russia creates certificate authority in response to sanctions 31 Mar 2022
      • #86 EU plans to mandate less secure certificates in browsers 28 Feb 2022
      • #85 WebTransport allows TLS connections with certificate hash 27 Jan 2022

2021


      • #84 RFC 9155 deprecates MD5 and SHA-1 signatures in TLS handshake messages 30 Dec 2021
      • #83 Post-Quantum Signatures in TLS will be challenging 30 Nov 2021
      • #82 Expiration of DST Root CA causes problems with Let’s Encrypt certificates 28 Oct 2021
      • #81 HTTPS Everywhere plug-in no longer needed 30 Sep 2021
      • #80 Vulnerabilities show fragility of STARTTLS 31 Aug 2021
      • #79 The end of FTP in browsers 30 Jul 2021
      • #78 ALPACA shows TLS cross-protocol attacks 29 Jun 2021
      • #77 QUIC graduates to RFC 9000 28 May 2021
      • #76 In memoriam: Dan Kaminsky 29 Apr 2021
      • #75 IETF formally deprecates TLS 1.0 and 1.1 31 Mar 2021
      • #74 Rust and cryptographic code 25 Feb 2021
      • #73 Google Chrome distrusts Camerfirma 28 Jan 2021
      • #72 Cross-signature will keep Let’s Encrypt compatible with old Android 5 Jan 2021

2020


      • #71 Firefox introduces HTTPS-only mode 26 Nov 2020
      • #70 Chrome developers want to eliminate mixed content 29 Oct 2020
      • #69 Raccoon attack shows design flaw in old TLS 30 Sep 2020
      • #68 Great Firewall of China blocks encrypted SNI extension 27 Aug 2020
      • #67 Intermediate certificates with OCSP capability cause trouble 30 Jul 2020
      • #66 Expired AddTrust certificate causes trouble 30 Jun 2020
      • #65 Private key of DigiCert Certificate Transparency log compromised 28 May 2020
      • #64 GCC code analyzer finds bug in OpenSSL 30 Apr 2020
      • #63 The Let’s Encrypt Certificate Authority Authorization incident 31 Mar 2020
      • #62 One-year certificate lifetimes are coming 27 Feb 2020
      • #61 Vulnerability in Windows allows certificate forgery with elliptic curves 30 Jan 2020

2019


      • #60 New factoring and discrete log records, but RSA stays safe 31 Dec 2019
      • #59 Testing of delegated credentials begins 28 Nov 2019
      • #58 Elliptic curve implementations vulnerable to Minerva timing attack 31 Oct 2019
      • #57 Mozilla and Chrome about to enable DNS over HTTPS 26 Sep 2019
      • #56 Firefox and Chrome will remove GUI indicator for Extended Validation certificates 29 Aug 2019
      • #55 Kazakhstan intercepts TLS traffic 30 Jul 2019
      • #54 Network Time Security could finally bring support for authenticated network time 27 Jun 2019
      • #53 Certificate Authority Certinomis removed from Firefox browser 30 May 2019
      • #52 Gmail starts using MTA-STS 30 Apr 2019
      • #51 Trouble with a missing random bit in serial numbers 28 Mar 2019
      • #50 DarkMatter from the United Arab Emirates operates a certificate authority 28 Feb 2019
      • #49 Disabling insecure Let’s Encrypt validation will cause some broken HTTPS setups 31 Jan 2019
      • #48 Google starts CECPQ2, a new postquantum key exchange for TLS 3 Jan 2019

2018


      • #47 Attacking cryptography with side channels 29 Nov 2018
      • #46 The end of TLS 1.0 and 1.1 30 Oct 2018
      • #45 Visa certificate authority in trouble 27 Sep 2018
      • #44 TLS 1.3 is here 30 Aug 2018
      • #43 Chrome now says “not secure” for HTTP web pages 31 Jul 2018
      • #42 Does TLS have to change constantly to make it future-proof? 28 Jun 2018
      • #41 Domain fronting: Cloud providers stop censorship-circumvention tool 31 May 2018
      • #40 Certificate Transparency logging is now mandatory 30 Apr 2018
      • #39 Trustico debacle shows risk of key generation by resellers 29 Mar 2018
      • #38 Chrome will mark HTTP pages as not secure 28 Feb 2018
      • #37 Cloud provider vulnerability causes Let's Encrypt to disable SNI domain validation 31 Jan 2018
      • #36 Private keys in software from Blizzard, Electronic Arts, Microsoft, and BRAK 3 Jan 2018

2017


      • #35 Return of Bleichenbacher's Oracle Attack (ROBOT) 12 Dec 2017
      • #34 Comodo gets controversial new owner 30 Nov 2017
      • #33 Why TLS 1.3 isn’t there yet 31 Oct 2017
      • #32 CAA is now mandatory 28 Sep 2017
      • #31 Symantec sells certificate business to DigiCert 31 Aug 2017
      • #30 Leaked private keys and revocations based on fake private keys 31 Jul 2017
      • #29 Cisco and Spotify ship private keys in applications 29 Jun 2017
      • #28 Let's Encrypt downtime 31 May 2017
      • #27 Certificate Transparency requirement delayed 28 Apr 2017
      • #26 Google plans to distrust all current Symantec certificates 30 Mar 2017
      • #25 SHA-1 is broken 28 Feb 2017
      • #24 Firefox and Chrome start warning about insecure login forms 31 Jan 2017
      • #23 2016: The year HTTPS became dominant 4 Jan 2017

2016


      • #22 TLS 1.3 in final stages and SHA-1 deprecation 30 Nov 2016
      • #21 Certificate Transparency for all new certs, backdoors in primes, WoSign and Comodo 27 Oct 2016
      • #20 Mozilla no longer trusts WoSign and StartCOM, Comodo issues top level domain certs 29 Sep 2016
      • #19 SWEET32, HEIST/TIME, PAC and WPAD leak HTTPS URLs 31 Aug 2016
      • #18 Version Intolerance and TLS 1.3, Google & Post-Quantum Cryptography, StartEncrypt 28 Jul 2016
      • #17 Let's Encrypt trademark dispute, discrete logarithm record, ChaCha20 and more 30 Jun 2016
      • #16 Nonce reuse in GCM, another Padding Oracle, HTTPS by default and more 26 May 2016
      • #15 WordPress.com and others enable HTTPS by default 28 Apr 2016
      • #14 SMTP Strict Transport Security may improve transport encryption for email 31 Mar 2016
      • #13 DROWN attack shows danger of supporting old SSL v2 protocol 1 Mar 2016
      • #12 OpenSSL security update and the trouble with non-safe primes 25 Feb 2016
      • #11 New SLOTH and CurveSwap attacks against TLS discovered 27 Jan 2016

2015


      • #10 CloudFlare and Facebook propose to delay SHA1 deprecation 21 Dec 2015
      • #9 eDellRoot certificate endangers users of Dell computers 30 Nov 2015
      • #8 RC4 finally going away 15 Sep 2015
      • #7 Logjam attack against weak DH key exchange 21 May 2015
      • #6 FREAK attacks SSL/TLS clients 06 Mar 2015
      • #5 SHA1 deprecation continues 13 Feb 2015

2014


      • #4 New POODLE attack on TLS discovered 08 Dec 2014
      • #3 Support for SSL v3 is eroding 28 Nov 2014
      • #2 POODLE attack on SSL 3 16 Oct 2014
      • #1 SHA1 Deprecation 02 Oct 2014
