/dev/blog

A tale of awesomazing sandcastles

The new ACME v2 protocol for Let's Encrypt certificates is live! Among other things, it now allows wildcard certificates to be obtained. This lets many individual certificates (for example, one per subdomain) be replaced by a single one, so no additional certificates are required for multiple subdomains.


Since August 2014, the members of the IETF and other stakeholders have been working on the upcoming TLS version 1.3. After some delay due to surprisingly negative field-test results caused by middleboxes, the current draft has now been submitted.


Some time ago I installed a Pi-hole on a Raspberry Pi at home to filter unwanted ads. This works very well after some startup problems (self-made firewall problems). This will now filter all network traffic on my network, including TVs, smartphones, tablets, and so on.
Especially devices such as smartphones, which often feature in-app ads, benefit from filtering DNS requests directly on the DNS server. Not only ads are filtered, but also trackers from Samsung TV, Google Analytics or Sonos (which can't be turned off).

More information about the Pi-hole and instructions for installation can...


Do we need a new Internet? According to various researchers and professors in the Internet field, yes. They have developed a new network architecture: Scalability, Control, and Isolation on next-generation Networks (SCION), which I would like to introduce to you. I was attending a talk of the ISSS (Internet Security Society Switzerland) and Adrian Perrig personally presented his work, which has been ongoing since 2009, to the participants.


Anyone who has dealt with the security of the DNS protocol has had to realize that it can be manipulated, monitored and censored without much effort. Such censorship is not only theory, but is already implemented by various countries. To address these issues in the DNS protocol, several extensions were specified, such as DNSSEC with DANE/TLSA to detect man-in-the-middle attacks. The newest approaches in this area go a step further and encrypt all DNS traffic.
