The foundation of society, TLS certificates are a mess - Listen -

The foundation of society, TLS certificates are a mess

Listen now

Description

Josh and Kurt talk about a few stories around the TLS CA certificate world. It's all pretty dire sounding. There's not a lot of organization or process in the space, and the root CAs are literally the foundation of modern society, everything needs them to function. There's not a lot of positive ideas here, it's mostly a show where Kurt explains to Josh what's going on, because Josh doesn't want to care (and will continue to ignore all of this going forward). Show Notes Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates DigiCert Revocation Incident (CNAME-Based Domain Validation) List of Trust Lists

More Episodes

See all »

Wordpress plugin security

Josh and Kurt talk about the way Wordpress vets their plugins. While Wordpress has been in the news lately, they do some clever things to get plugins approved. There's a static analyzer that runs against new submissions. We discuss using static analysis, securing open source, contributing and...

Published 11/18/24

Open Source Security Podcast

Published 11/18/24

Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift

Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The overall theme seems to be open source is huge, everywhere, and needs help. But all is no lost!...

Published 11/11/24