Site Archives security

Beat the Drum: Open Web needs to be Secure!


Mozilla is beating the drum for an Open Web at their new project page “Drumbeat“. Mitchell Baker, the Chair of the Mozilla Foundation has been regularly blogging about a more Open Web and what it might mean for us. There is lots of talk about openness, decentralization, freedom and public resources of the public Internet, […]

Accountability and Privacy


The only condition and requirement StartCom puts forward to potential subscribers of free digital certificates and other services the StartCom Certification Authority provides, is that the subscriber must disclose his private details. This means, the name and address of residence (home address) must be provided during registration for a StartSSL account.
Obviously many try to circumvent […]

Randomly Broken Randomness


No, it’s not a news item anymore. Nevertheless, after scores of revocation requests came in at the StartCom CA because of a vulnerability in the pseudo random number generator of Debian’s OpenSSL package and dozens of news site reported this stupidity, I can’t hold myself back anymore. The developers of Debian apparently decided to fix […]

StartSSLâ„¢ OpenID Provider


A new year and already a new service: StartSSLâ„¢ is going to be an OpenID provider for digital identities! This is great news for various reasons…
Last summer (2007) I asked at this web log if there is going to be a more secure future for OpenID. In that post I explained where the dangers […]