Feisty Duck
@feistyduck.com
The place for TLS and PKI education. Publishers of Bulletproof TLS and PKI. Authors of Practical TLS and PKI training. Cryptography & Security Newsletter.
New dates! Practical TLS and PKI Training - 23-26 Feb 2026. We have a limited number of Early Bird tickets available. From Ivan Ristic and with Scott Helme, based on Bulletproof TLS and PKI. www.feistyduck.com/training/pra...
November 12, 2025 at 12:02 PM
New dates! Practical TLS and PKI Training - 23-26 Feb 2026. We have a limited number of Early Bird tickets available. From Ivan Ristic and with Scott Helme, based on Bulletproof TLS and PKI. www.feistyduck.com/training/pra...
Cryptography & Security Newsletter is out! In the October issue:
Web PKI Ditches TLS Client Authentication
- How Many Public PKIs Are There?
- Impact on Certificate Transparency
Short News
www.feistyduck.com/newsletter/i...
Web PKI Ditches TLS Client Authentication
- How Many Public PKIs Are There?
- Impact on Certificate Transparency
Short News
www.feistyduck.com/newsletter/i...
October 30, 2025 at 12:42 PM
Cryptography & Security Newsletter is out! In the October issue:
Web PKI Ditches TLS Client Authentication
- How Many Public PKIs Are There?
- Impact on Certificate Transparency
Short News
www.feistyduck.com/newsletter/i...
Web PKI Ditches TLS Client Authentication
- How Many Public PKIs Are There?
- Impact on Certificate Transparency
Short News
www.feistyduck.com/newsletter/i...
Halloween Discount on Practical TLS and PKI Training! 🎃 $500 off on the final training of the year, Nov 10-13. For devs and sysadmins: how to deploy secure servers and design secure web applications
www.feistyduck.com/training/pra...
www.feistyduck.com/training/pra...
October 29, 2025 at 5:56 PM
Halloween Discount on Practical TLS and PKI Training! 🎃 $500 off on the final training of the year, Nov 10-13. For devs and sysadmins: how to deploy secure servers and design secure web applications
www.feistyduck.com/training/pra...
www.feistyduck.com/training/pra...
Tile trackers, used by 88 million people worldwide, send critical data without encryption.
archive.ph/GyFtT
archive.ph/GyFtT
October 29, 2025 at 4:09 PM
Tile trackers, used by 88 million people worldwide, send critical data without encryption.
archive.ph/GyFtT
archive.ph/GyFtT
David Adrian (who works for Google on Chrome security) doesn’t think Web PKI needs revocation. dadrian.io/blog/posts/r...
October 28, 2025 at 4:09 PM
David Adrian (who works for Google on Chrome security) doesn’t think Web PKI needs revocation. dadrian.io/blog/posts/r...
Filippo Valsorda is looking at how to best archive CT logs for posterity. groups.google.com/a/chromium.o...
October 28, 2025 at 11:05 AM
Filippo Valsorda is looking at how to best archive CT logs for posterity. groups.google.com/a/chromium.o...
Over at CA/Browser Forum, post-quantum cryptography is now part of S/MIME Basic Requirements, via ballot SMC013. cabforum.org/2025/07/02/b...
October 27, 2025 at 4:08 PM
Over at CA/Browser Forum, post-quantum cryptography is now part of S/MIME Basic Requirements, via ballot SMC013. cabforum.org/2025/07/02/b...
The previously failed attack on lattice-based cryptography is allegedly coming back after fixes. www.linkedin.com/posts/bart-p...
October 27, 2025 at 11:05 AM
The previously failed attack on lattice-based cryptography is allegedly coming back after fixes. www.linkedin.com/posts/bart-p...
A whistleblower has sued Meta over alleged WhatsApp security flaws.
web.archive.org/web/20250908...
web.archive.org/web/20250908...
October 23, 2025 at 10:05 AM
A whistleblower has sued Meta over alleged WhatsApp security flaws.
web.archive.org/web/20250908...
web.archive.org/web/20250908...
Apple’s new phones come with a new feature called Memory Integrity Enforcement, which makes exploitation more difficult. www.linkedin.com/posts/activi...
October 22, 2025 at 3:07 PM
Apple’s new phones come with a new feature called Memory Integrity Enforcement, which makes exploitation more difficult. www.linkedin.com/posts/activi...
Video recordings of DigiCert’s World Quantum Readiness day are now available. www.digicert.com/world-quantu...
October 20, 2025 at 3:31 PM
Video recordings of DigiCert’s World Quantum Readiness day are now available. www.digicert.com/world-quantu...
Luke Valenta writes at length about the difference between post-quantum cryptography and quantum security technology. You need the former, not necessarily the latter. blog.cloudflare.com/you-dont-nee...
October 17, 2025 at 10:05 AM
Luke Valenta writes at length about the difference between post-quantum cryptography and quantum security technology. You need the former, not necessarily the latter. blog.cloudflare.com/you-dont-nee...
Virtual SIM cards (eSIMs) are making it easier to switch phone providers, but many seem to route network traffic via unexpected remote places, such as China. alertify.eu/silent-esim-...
October 16, 2025 at 3:06 PM
Virtual SIM cards (eSIMs) are making it easier to switch phone providers, but many seem to route network traffic via unexpected remote places, such as China. alertify.eu/silent-esim-...
In Russia, a new, government-sponsored chat app is being preinstalled on all new phones. It’s been called a privacy nightmare. www.forbes.com/sites/thomas...
October 15, 2025 at 10:05 AM
In Russia, a new, government-sponsored chat app is being preinstalled on all new phones. It’s been called a privacy nightmare. www.forbes.com/sites/thomas...
Trail of Bits released Algo v2.0.0, the next generation of its personal VPN tooling.
Release Algo VPN 2.0.0 · trailofbits/algo
A major release with comprehensive security improvements, performance optimizations, and modernized infrastructure. 🔒 Security Enhancements Certificate Authority constraints (#14811) - Prevents ce...
github.com
October 14, 2025 at 3:06 PM
Trail of Bits released Algo v2.0.0, the next generation of its personal VPN tooling.
There is some movement toward QWAC adoption (via Stephen Davidson); ETSI EN 319 411-2 and ETSI TS 119 411-5 are the relevant standards. www.linkedin.com/posts/srdavi...
October 13, 2025 at 3:06 PM
There is some movement toward QWAC adoption (via Stephen Davidson); ETSI EN 319 411-2 and ETSI TS 119 411-5 are the relevant standards. www.linkedin.com/posts/srdavi...
Jan Schaumman has looked at the deployment of post-quantum cryptography among top websites. www.netmeister.org/blog/pqc-use...
October 10, 2025 at 3:07 PM
Jan Schaumman has looked at the deployment of post-quantum cryptography among top websites. www.netmeister.org/blog/pqc-use...
IPng Networks has published its third post covering the details of CT log operation. ipng.ch/s/articles/2...
October 9, 2025 at 3:06 PM
IPng Networks has published its third post covering the details of CT log operation. ipng.ch/s/articles/2...
The Internet Security Research Group is hiring fundraising professionals.
Careers
Billions of people rely on ISRG / Let's Encrypt to operate critical digital infrastructure for a more secure and privacy-respecting world. Living up to such great responsibility starts with hiring…
www.abetterinternet.org
October 8, 2025 at 3:06 PM
The Internet Security Research Group is hiring fundraising professionals.
Apple is looking to hire a PKI engineer for its Crypto Services team. jobs.apple.com/en-us/detail...
October 7, 2025 at 3:06 PM
Apple is looking to hire a PKI engineer for its Crypto Services team. jobs.apple.com/en-us/detail...
Akamai and Amazon CloudFront have added support for post-quantum cryptography.
www.akamai.com/blog/securit...
aws.amazon.com/about-aws/wh...
www.akamai.com/blog/securit...
aws.amazon.com/about-aws/wh...
October 6, 2025 at 4:07 PM
Akamai and Amazon CloudFront have added support for post-quantum cryptography.
www.akamai.com/blog/securit...
aws.amazon.com/about-aws/wh...
www.akamai.com/blog/securit...
aws.amazon.com/about-aws/wh...
From February 2024 through August 2025, Fina CA issued twelve unauthorized certificates for the 1.1.1.1 IP address used by Cloudflare. blog.cloudflare.com/unauthorized...
Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1
Unauthorized TLS certificates were issued for 1.1.1.1 by a Certification Authority without permission from Cloudflare. These rogue certificates have now been revoked. Read our blog to see how this cou...
blog.cloudflare.com
October 3, 2025 at 10:15 AM
From February 2024 through August 2025, Fina CA issued twelve unauthorized certificates for the 1.1.1.1 IP address used by Cloudflare. blog.cloudflare.com/unauthorized...
Cryptography and Security Newsletter: Over 500 GB of source code, work logs, and internal communication records pertaining to the technology behind (or related to) the Great Firewall of China has been leaked. gfw.report/blog/geedge_...
October 2, 2025 at 2:22 PM
Cryptography and Security Newsletter: Over 500 GB of source code, work logs, and internal communication records pertaining to the technology behind (or related to) the Great Firewall of China has been leaked. gfw.report/blog/geedge_...
Cryptography & Security Newsletter is out! In this issue:
- Waiting for Static CT Logs
- Short News
www.feistyduck.com/newsletter/i...
- Waiting for Static CT Logs
- Short News
www.feistyduck.com/newsletter/i...
September 30, 2025 at 12:29 PM
Cryptography & Security Newsletter is out! In this issue:
- Waiting for Static CT Logs
- Short News
www.feistyduck.com/newsletter/i...
- Waiting for Static CT Logs
- Short News
www.feistyduck.com/newsletter/i...
New dates! Practical TLS and PKI Training - Nov 10-13 2025.
And if you can't wait that long, we still a few tickets for the training next week. Join us! From @ivanristic.com and with @scotthelme.bsky.social
www.feistyduck.com/training/pra...
And if you can't wait that long, we still a few tickets for the training next week. Join us! From @ivanristic.com and with @scotthelme.bsky.social
www.feistyduck.com/training/pra...
September 15, 2025 at 3:33 PM
New dates! Practical TLS and PKI Training - Nov 10-13 2025.
And if you can't wait that long, we still a few tickets for the training next week. Join us! From @ivanristic.com and with @scotthelme.bsky.social
www.feistyduck.com/training/pra...
And if you can't wait that long, we still a few tickets for the training next week. Join us! From @ivanristic.com and with @scotthelme.bsky.social
www.feistyduck.com/training/pra...