The B in BYOK stands for Bullshit [en]

I’ve recently encountered a customer, who insisted on a Bring-Your-Own-Key (BYOK) setup for compliance reason. I’ve always been skeptical about that and I didn’t have to search long for confirmation. This is what the Wikipedia article on BYOK has to say: […] a cloud computing security marketing model […] […] gives the enterprise the perceived …

Let’s Encrypt! [en]

… is where I’m getting the TLS certificates for this blog nowadays (after moving away from CAcert). I’ve been using Let’s Encrypt at work now and then. Many colleagues in my department are heavy users and my employer is a sponsor. So I knew what to expect and how to get started. Nevertheless, here’s a …

OpenSSL CLI-Cheat-Sheet [en]

The OpenSSL library is utilized by a wide range of other open-source projects, like web-servers, mail-servers, VPN-servers, etc. When dealing with such software and SSL, it often proves useful to be familiar with the openssl command-line tools. Of course, OpenSSL does have great man-pages, and a quick web-search reveals plenty of usage examples. However, OpenSSL …

Ubuntu Full-Disk-Encryption – A Field Report [en]

Since my old notebook computer recently gave up on me, I had to install a new one from scratch. I finally decided to give Ubuntu a go, after I had been using Debian (testing) for almost a decade. I must say that I’m really impressed with Ubuntu’s lean installation process, which handles diverse aspects like …

29C3 Talk: Certificate Authority Collapse [en]

Just watching axelarnbak‘s 29C3 talk on Certificate Authority Collapse, which covers structural flaws in SSL. I’ve reported on the mess with SSL before, and you may notice related complications (see CAcert) while browsing this page. After a good summary, the talk mainly focuses on structural problems and regulatory solution approaches. But apparently there are other …

SSL Seriously? [Update] [en]

I just ordered a muilti-domain SSL-certificate for 3 of the websites that are run by my company. It’s a simple domain-validated certificate, so they sent me a validation e-mail to the webmaster address of the domain. Yes, you heard right! I’m saying the domain, cause they only bothered to validate one of the three Domains …