Ryan Dickson @ryancdickson - Twitter Profile

about 2 years ago

Thank you @PrincetonCITP for introducing this work to the CA/Browser Forum at F2F Meeting 57!

about 2 years ago

CA/Browser Forum ballot SC-067 is in discussion to require Multi-Perspective Issuance Corroboration (aka MPIC) by CAs for domain validation and CAA checks to make certain attacks on #TLS validation more difficult https://t.co/KVQJkq2nDP

0

11

5

0

4K

0

4

0

319

Ryan Dickson @ryancdickson

over 2 years ago

@mholt6 Duration…and I heard that 864,000 seconds (or less) is a great default value. 😃 https://t.co/0GnkRe9o4s

0

49

Ryan Dickson @ryancdickson

over 2 years ago

@__apf__ She’s just trying to get buzzed in! Looks like a honeybee, who will be responsible for producing 1/12 of a teaspoon of honey in her ~45 day lifetime! Un-bee-lievable!

0

2

0

76

Ryan Dickson @ryancdickson

over 2 years ago

@rmhrisk Ran it against Let’s Encrypt, https://t.co/1knovMDUCF, ZeroSSL, BuyPass, and Google Trust Services moments after getting his email! Thank you Andrew, indeed!

0

2

0

183

Who to follow

Eric Rescorla

@ekr____

Protocol designer, trail runner Blog: https://t.co/wJzXSZuYjw Newsletter: https://t.co/0rlUOwNnQO If you like this stuff, please tell others.

Feisty Duck

@feistyduck

The place for TLS and PKI education. Publishers of Bulletproof TLS and PKI. Authors of Practical TLS and PKI training. Cryptography & Security Newsletter.

Ryan Hurst

@rmhrisk

Dropout. Father. I build things. Security, Cryptography, Engineering, Entrepreneurship. @peculiarventure + xMSFT + xGOOG ++. also on https://t.co/FaDXJfnZBm & Bluesky

ryancdickson retweeted

Ryan Hurst

@rmhrisk

over 2 years ago

Chrome gets it, ACME and automation is the key to unlocking reliable, at-scale certificate usage. #WebPKI https://t.co/FlRwzd2wOM

0

21

10

6

4K

Ryan Dickson @ryancdickson

almost 3 years ago

@dadrian But *this* time will be different!

0

1

0

216

ryancdickson retweeted

Ryan Hurst

@rmhrisk

about 3 years ago

Do you use ACME in a enterprise or large scale service and would be willing to be quoted on a site focused on increasing ACME adoption about your experience? If so please DM me and I’ll share more context.

0

3

10

0

4K

Ryan Dickson @ryancdickson

about 3 years ago

@mholt6 This is my fourth year. It’ll be a lifelong hobby.

0

2

0

36

Ryan Dickson @ryancdickson

about 3 years ago

It’s been an un-bee-lievable year for beekeeping. So far, I’ve pulled almost 300 pounds (about 25 gallons) of honey from two hives - and there’s still a few weeks left in the season!

1

11

0

733

Ryan Dickson @ryancdickson

about 3 years ago

@mholt6 @Crypt32 @rmhrisk @webprofusion Stapling is great, but it’s barely used. We describe our observations re: stapling in the background doc linked via the Pull Request I shared earlier. Link: https://t.co/LIP9jLD21C

2

3

0

206

Ryan Dickson @ryancdickson

about 3 years ago

@rmhrisk @mholt6 @webprofusion Within the CA/B Forum, it feels like we’re getting close to voting on the proposed SC-63, which intends to make OCSP optional (enhancing user privacy), and incentivizes automation and short-lived certificates. More here: https://t.co/KXv9Z6zpNo

1

10

1

0

522

Ryan Dickson @ryancdickson

about 3 years ago

@mjg59 We have a general FAQ located here (https://t.co/1S192uOct7), and generally describe the Windows certificate stores we pull from here (https://t.co/WF2wRG7FW3). If you can share more specifics about the issues you faced, I’d be happy to see how we can improve the FAQ.

1

0

43

Ryan Dickson @ryancdickson

about 3 years ago

@mholt6 @rmhrisk @mholt6 - can you share your specific concerns/suggested areas of improvement re: ARI?

1

0

125

Ryan Dickson @ryancdickson

about 3 years ago

@seakoz @elonmusk Don’t forget to practice “defense-in-depth” by also storing the hashes and notAfter dates in a poorly named spreadsheet owned by the Admin who was replaced “5 admins ago.” 🤓

0

2

0

83

Ryan Dickson @ryancdickson

about 3 years ago

It’s time to automate certificate management @elonmusk!

Elon Musk

@elonmusk

about 3 years ago

Caused by expired ground station cert. We’re scrubbing the system for other single-point vulnerabilities.

1K

17K

999

90

5M

0

13

4

0

2K

ryancdickson retweeted

Elon Musk

@elonmusk

about 3 years ago

Caused by expired ground station cert. We’re scrubbing the system for other single-point vulnerabilities.

1K

17K

999

90

5M

Ryan Dickson @ryancdickson

over 3 years ago

@jozefizso Not everyone supports automation to the extent that “short-lived” certificates can be the norm. However, we’re trying to incentivize their use within the CA/Browser Forum (https://t.co/KXv9Z6yRXQ).

0

1

0

522

Ryan Dickson @ryancdickson

over 3 years ago

Let’s move the web PKI forward - together. https://t.co/n5S6CooFKc

5

58

22

7

26K

Ryan Dickson @ryancdickson

over 3 years ago

@awakecoding @BoreanJordan And, FWIW, many CAs agree that certificate lifetime should be shortened. Example: https://t.co/PicMk7vRVH

1

2

0

63

Ryan Dickson @ryancdickson

over 3 years ago

@awakecoding @BoreanJordan Root programs (like Chrome’s) define expectations and minimum requirements for initial and continued inclusion of a certificate in the corresponding root store (e.g., https://t.co/bKBkksYzqV). Those requirements are defined at the program operator’s sole discretion.

1

0

76

Ryan Dickson @ryancdickson

over 3 years ago

@awakecoding @BoreanJordan Personal opinion: we must prioritize security over profitability. Every time.

2

4

0

128

Ryan Dickson

@ryancdickson

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users