Blog

• The 0.0.0.0 kerfuffle September 24, 2024
• Why even a little plaintext matters June 7, 2024
• E2EE on the web: is the web really that bad? February 9, 2024
• E2EE on the web: isolating plaintext September 9, 2023
• Complaints about program committees September 8, 2023
• EV as a defense against malicious DV April 1, 2023
• What's the right UX for an expired certificate? January 16, 2023
• The death of the line of death December 18, 2022
• Certificate Transparency is really not a replacement for key pinning August 23, 2022
• When a web PKI certificate won't cut it December 24, 2021
• What's in a blue checkmark? October 22, 2021
• Splitting up trust September 14, 2021
• The fundamental laws of private information retrieval April 28, 2021
• Tips for reading web standards March 14, 2021
• Pa(dding|rtitioning) oracles, and another hot take on PAKEs February 1, 2021
• The phantom webpage, and other woes of warning pages January 3, 2021
• Strict Transport Security vs. HTTPS Resource Records: the showdown October 24, 2020
• After-the-fact warnings September 7, 2020
• Should web apps use PAKEs? July 30, 2020
• Certificate Transparency: a bird's-eye view July 20, 2020
• Debunking the "users always click yes" myth July 14, 2020