<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (rcrowley)</title>
    <link>https://pinboard.in/u:rcrowley/public/</link>
    <description>recent bookmarks from rcrowley</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="https://www.chainguard.dev/unchained/building-the-first-memory-safe-distro-wolfi"/>
	<rdf:li rdf:resource="https://aws.amazon.com/blogs/security/enable-post-quantum-key-exchange-in-quic-with-the-s2n-quic-library/"/>
	<rdf:li rdf:resource="https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/"/>
	<rdf:li rdf:resource="https://smallstep.com/blog/automate-docker-ssl-tls-certificates/"/>
	<rdf:li rdf:resource="https://latacora.micro.blog/a-childs-garden/"/>
	<rdf:li rdf:resource="https://mobile.twitter.com/colmmacc/status/1057017343438540801"/>
	<rdf:li rdf:resource="https://github.com/adferrand/dnsrobocert/blob/master/README.rst"/>
	<rdf:li rdf:resource="https://github.com/colmmacc/nf_conntrack_tls"/>
	<rdf:li rdf:resource="https://diogomonica.com/2017/01/11/hitless-tls-certificate-rotation-in-go/"/>
	<rdf:li rdf:resource="https://smallstep.com/blog/everything-pki.html"/>
	<rdf:li rdf:resource="https://tls13.ulfheim.net/"/>
	<rdf:li rdf:resource="https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/"/>
	<rdf:li rdf:resource="https://blog.apnic.net/2017/12/12/internet-protocols-changing/"/>
	<rdf:li rdf:resource="https://code.facebook.com/posts/608854979307125/building-zero-protocol-for-fast-secure-mobile-connections/"/>
	<rdf:li rdf:resource="https://stripe.ian.sh/"/>
	<rdf:li rdf:resource="https://netdevconf.org/1.2/papers/ktls.pdf"/>
	<rdf:li rdf:resource="https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html?m=1"/>
	<rdf:li rdf:resource="https://github.com/letsencrypt/boulder"/>
	<rdf:li rdf:resource="https://letsencrypt.org//2015/11/09/why-90-days.html"/>
	<rdf:li rdf:resource="https://letsencrypt.org//2015/10/29/phishing-and-malware.html"/>
	<rdf:li rdf:resource="https://www.imperialviolet.org/2015/10/17/boringssl.html"/>
	<rdf:li rdf:resource="http://googleonlinesecurity.blogspot.com/2015/09/disabling-sslv3-and-rc4.html"/>
	<rdf:li rdf:resource="https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/"/>
	<rdf:li rdf:resource="https://github.com/awslabs/s2n"/>
	<rdf:li rdf:resource="http://groob.io/posts/internal_ca/"/>
	<rdf:li rdf:resource="https://www.chromium.org/Home/chromium-security/education/tls"/>
	<rdf:li rdf:resource="http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/"/>
	<rdf:li rdf:resource="https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning"/>
	<rdf:li rdf:resource="https://sethvargo.com/getting-an-a-plus-on-qualys-ssl-labs-tester/"/>
	<rdf:li rdf:resource="https://knowledge.geotrust.com/support/knowledge-base/index?page=content&amp;id=AR1421&amp;actp=RELATED_RESOURCE"/>
	<rdf:li rdf:resource="https://letsencrypt.org/"/>
	<rdf:li rdf:resource="https://groups.google.com/forum/#!topic/golang-nuts/oK3EBAY2Uig"/>
	<rdf:li rdf:resource="http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html"/>
	<rdf:li rdf:resource="http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-table.html"/>
	<rdf:li rdf:resource="https://www.openssl.org/about/secpolicy.html"/>
	<rdf:li rdf:resource="https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1"/>
	<rdf:li rdf:resource="http://lists.openwall.net/linux-kernel/2014/07/17/235"/>
	<rdf:li rdf:resource="https://www.imperialviolet.org/2014/06/05/earlyccs.html"/>
	<rdf:li rdf:resource="http://ccsinjection.lepidum.co.jp/"/>
	<rdf:li rdf:resource="http://it.slashdot.org/story/14/04/30/1822209/openssh-no-longer-has-to-depend-on-openssl"/>
	<rdf:li rdf:resource="https://github.com/cchandler/certificate_authority"/>
	<rdf:li rdf:resource="https://github.com/jmhodges/libssl"/>
	<rdf:li rdf:resource="http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/"/>
	<rdf:li rdf:resource="https://www.imperialviolet.org/2012/02/05/crlsets.html"/>
	<rdf:li rdf:resource="https://github.com/jsermeno/easycert_openssl"/>
	<rdf:li rdf:resource="http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed"/>
	<rdf:li rdf:resource="http://www.seacat.mobi/blog/heartbleed"/>
	<rdf:li rdf:resource="http://article.gmane.org/gmane.os.openbsd.misc/211963"/>
	<rdf:li rdf:resource="http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3"/>
	<rdf:li rdf:resource="http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html"/>
	<rdf:li rdf:resource="http://launchpadlibrarian.net/172128742/openssl_1.0.1-4ubuntu5.11_1.0.1-4ubuntu5.12.diff.gz"/>
	<rdf:li rdf:resource="https://github.com/FiloSottile/Heartbleed"/>
	<rdf:li rdf:resource="http://www.ubuntu.com/usn/usn-2165-1/"/>
	<rdf:li rdf:resource="http://heartbleed.com/"/>
	<rdf:li rdf:resource="https://polarssl.org/"/>
	<rdf:li rdf:resource="http://www.isg.rhul.ac.uk/tls/"/>
	<rdf:li rdf:resource="https://blog.serverdensity.com/how-to-secure-your-webapp/"/>
	<rdf:li rdf:resource="https://github.com/pquerna/selene"/>
	<rdf:li rdf:resource="http://curl.haxx.se/docs/caextract.html"/>
	<rdf:li rdf:resource="https://hynek.me/articles/apple-openssl-verification-surprises/"/>
	<rdf:li rdf:resource="https://gist.github.com/davepeck/9151493#file-oops-c-L58"/>
	<rdf:li rdf:resource="https://gist.github.com/alexyakoubian/9151610/revisions"/>
	<rdf:li rdf:resource="https://gotofail.com/"/>
	<rdf:li rdf:resource="https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite"/>
	<rdf:li rdf:resource="https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx.conf"/>
	<rdf:li rdf:resource="https://istlsfastyet.com/"/>
	<rdf:li rdf:resource="http://blog.litespeedtech.com/2013/07/03/the-openlitespeed-features-keep-coming-websocket-proxy-ocsp-stapling/"/>
	<rdf:li rdf:resource="http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin.doc%2FDOC%2FH_KEY_USAGE_EXTENSIONS_FOR_INTERNET_CERTIFICATES_1521_OVER.html"/>
	<rdf:li rdf:resource="https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy"/>
	<rdf:li rdf:resource="http://convergence.io/details.html"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="https://www.chainguard.dev/unchained/building-the-first-memory-safe-distro-wolfi">
    <title>Building the first memory safe distro</title>
    <dc:date>2023-02-06T05:31:22+00:00</dc:date>
    <link>https://www.chainguard.dev/unchained/building-the-first-memory-safe-distro-wolfi</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[I have a lot of questions but this is certainly an exciting-sounding thing.]]></description>
<dc:subject>chainguard wolfi linux rust rustls tls curl memory safety security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:0a0bda4dd695/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:chainguard"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:wolfi"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:linux"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:rust"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:rustls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:curl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:memory"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:safety"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://aws.amazon.com/blogs/security/enable-post-quantum-key-exchange-in-quic-with-the-s2n-quic-library/">
    <title>Enable post-quantum key exchange in QUIC with the s2n-quic library | AWS Security Blog</title>
    <dc:date>2022-07-27T14:35:10+00:00</dc:date>
    <link>https://aws.amazon.com/blogs/security/enable-post-quantum-key-exchange-in-quic-with-the-s2n-quic-library/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[It’s getting harder and harder to just put something on the Internet.]]></description>
<dc:subject>s2n quic tls pq quantum postquantum aws</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:0c4be6cc7938/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:s2n"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:quic"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pq"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:quantum"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:postquantum"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:aws"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/">
    <title>A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography</title>
    <dc:date>2022-02-08T21:58:34+00:00</dc:date>
    <link>https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/</link>
    <dc:creator>rcrowley</dc:creator><dc:subject>elliptic curve curve25519 ecc ecdhe ecdsa rsa crypto tls</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:d49b703b7ef7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:elliptic"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:curve"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:curve25519"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ecc"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ecdhe"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ecdsa"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:rsa"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://smallstep.com/blog/automate-docker-ssl-tls-certificates/">
    <title>Automating TLS certificate management in Docker</title>
    <dc:date>2021-10-30T06:33:06+00:00</dc:date>
    <link>https://smallstep.com/blog/automate-docker-ssl-tls-certificates/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[No surprise that Malone and his crew are here telling us all how to get it completely right instead of just good enough.]]></description>
<dc:subject>docker containers tls step smallstep</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:19966b780cc0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:docker"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:containers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:step"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:smallstep"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://latacora.micro.blog/a-childs-garden/">
    <title>Latacora - A Child’s Garden of Inter-Service Authentication Schemes</title>
    <dc:date>2020-12-12T12:45:30+00:00</dc:date>
    <link>https://latacora.micro.blog/a-childs-garden/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Apparently everything except Macaroons is awful because we’re all too stupid to used anything correctly.]]></description>
<dc:subject>auth authentication authorization macaroons jwt tls mtls security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:cd8d773d6716/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:auth"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:authentication"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:authorization"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:macaroons"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:jwt"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:mtls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://mobile.twitter.com/colmmacc/status/1057017343438540801">
    <title>Colm MacCárthaigh on Twitter: &quot;Ok. tweet thread time! Too long ago I promised to write a screed explaining how much I hated mutual-auth TLS and why. I got distracted, and I wasn't happy with the writing, so here it is in tweet thread form instead! But ba</title>
    <dc:date>2020-05-15T17:21:36+00:00</dc:date>
    <link>https://mobile.twitter.com/colmmacc/status/1057017343438540801</link>
    <dc:creator>rcrowley</dc:creator><dc:subject>tls mtls security crypto auth</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:23c576769088/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:mtls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:auth"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/adferrand/dnsrobocert/blob/master/README.rst">
    <title>dnsrobocert/README.rst at master · adferrand/dnsrobocert · GitHub</title>
    <dc:date>2020-04-25T07:01:38+00:00</dc:date>
    <link>https://github.com/adferrand/dnsrobocert/blob/master/README.rst</link>
    <dc:creator>rcrowley</dc:creator><dc:subject>letsencrypt tls pki security dns</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:426cafc7a228/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:letsencrypt"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:dns"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/colmmacc/nf_conntrack_tls">
    <title>colmmacc/nf_conntrack_tls: A Linux netfilter conntracking module that understands TLS records</title>
    <dc:date>2019-04-08T12:12:21+00:00</dc:date>
    <link>https://github.com/colmmacc/nf_conntrack_tls</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Nifty bit of history from the Heartbleed response - Colm's kernel module that drops SSL/TLS heartbeat records.]]></description>
<dc:subject>linux kernel iptables conntrack netfilter ssl tls crypto heartbleed</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:55f7212d0169/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:linux"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:kernel"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:iptables"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:conntrack"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:netfilter"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://diogomonica.com/2017/01/11/hitless-tls-certificate-rotation-in-go/">
    <title>Hitless TLS Certificate Rotation in Go</title>
    <dc:date>2019-01-29T05:59:33+00:00</dc:date>
    <link>https://diogomonica.com/2017/01/11/hitless-tls-certificate-rotation-in-go/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Thus is only a half step further than my generate-and-sign-at-startup code.]]></description>
<dc:subject>golang tls pki crypto security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:f82264fa076c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:golang"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://smallstep.com/blog/everything-pki.html">
    <title>smallstep - Everything you should know about certificates and PKI but are too afraid to ask</title>
    <dc:date>2019-01-29T05:55:26+00:00</dc:date>
    <link>https://smallstep.com/blog/everything-pki.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[As thorough as ever.]]></description>
<dc:subject>smallstep ca tls pki crypto security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:7de605db1b7a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:smallstep"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://tls13.ulfheim.net/">
    <title>The Illustrated TLS 1.3 Connection: Every Byte Explained</title>
    <dc:date>2018-11-18T18:37:25+00:00</dc:date>
    <link>https://tls13.ulfheim.net/</link>
    <dc:creator>rcrowley</dc:creator><dc:subject>tls tls13 security crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:b1b3c7bce817/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls13"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/">
    <title>Why TLS 1.3 isn't in browsers yet</title>
    <dc:date>2018-01-04T03:39:10+00:00</dc:date>
    <link>https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[History repeats itself. I think back to this cautionary tale of protocol design often. Have one hinge, oil it, and use it often.]]></description>
<dc:subject>tls crypto tls13 ossification</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:7b67d7719a73/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls13"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ossification"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://blog.apnic.net/2017/12/12/internet-protocols-changing/">
    <title>Internet protocols are changing | APNIC Blog</title>
    <dc:date>2017-12-19T14:02:13+00:00</dc:date>
    <link>https://blog.apnic.net/2017/12/12/internet-protocols-changing/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Good survey of the currently-in-flight changes to core network protocols and their motivations.  It'll be a little weird when almost everything is working around port and protocol differentiation.]]></description>
<dc:subject>dns http quic tcp udp tls networking perf</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:77637e2b658a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:dns"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:http"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:quic"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tcp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:udp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:networking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:perf"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://code.facebook.com/posts/608854979307125/building-zero-protocol-for-fast-secure-mobile-connections/">
    <title>Building Zero protocol for fast, secure mobile connections | Engineering Blog | Facebook Code | Facebook</title>
    <dc:date>2017-12-19T13:51:08+00:00</dc:date>
    <link>https://code.facebook.com/posts/608854979307125/building-zero-protocol-for-fast-secure-mobile-connections/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[The industry's getting bolder about just redoing primitive network protocols.]]></description>
<dc:subject>tcp quic tls zero facebook networking perf</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:53df53db7f57/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tcp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:quic"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:zero"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:facebook"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:networking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:perf"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://stripe.ian.sh/">
    <title>Extended Validation is Broken</title>
    <dc:date>2017-12-12T02:54:40+00:00</dc:date>
    <link>https://stripe.ian.sh/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Welp, everything is terrible.]]></description>
<dc:subject>security identity pki tls x509</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:3c38b07930e9/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:identity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:x509"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://netdevconf.org/1.2/papers/ktls.pdf">
    <title>KTLS</title>
    <dc:date>2017-09-23T00:52:24+00:00</dc:date>
    <link>https://netdevconf.org/1.2/papers/ktls.pdf</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Facebook's in-kernel TLS record encryption scheme that allows them to use sendfile(2) and such.]]></description>
<dc:subject>tls ktls linux kernel crypto facebook</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:970c116554f6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ktls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:linux"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:kernel"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:facebook"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html?m=1">
    <title>Google Online Security Blog: The foundation of a more secure web</title>
    <dc:date>2017-02-03T16:32:24+00:00</dc:date>
    <link>https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html?m=1</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[I wonder what it would have been like to get into the CA game years ago like we considered.]]></description>
<dc:subject>pki ssl tls crypto security trust google</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:3967c5e3ad68/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:trust"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:google"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/letsencrypt/boulder">
    <title>letsencrypt/boulder: An ACME-based CA, written in Go.</title>
    <dc:date>2016-09-21T15:28:29+00:00</dc:date>
    <link>https://github.com/letsencrypt/boulder</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Let's Encrypt's CA software.]]></description>
<dc:subject>golang ca ssl tls security crypto pki letsencrypt</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:2fc1075dad36/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:golang"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:letsencrypt"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://letsencrypt.org//2015/11/09/why-90-days.html">
    <title>Why ninety-day lifetimes for certificates?</title>
    <dc:date>2015-11-09T17:54:35+00:00</dc:date>
    <link>https://letsencrypt.org//2015/11/09/why-90-days.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[[this is good]]]></description>
<dc:subject>letsencrypt ca crypto security tls pki</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:34e755f26539/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:letsencrypt"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://letsencrypt.org//2015/10/29/phishing-and-malware.html">
    <title>The CA's Role in Fighting Phishing and Malware</title>
    <dc:date>2015-10-29T18:03:57+00:00</dc:date>
    <link>https://letsencrypt.org//2015/10/29/phishing-and-malware.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Well-reasoned.]]></description>
<dc:subject>ca tls security crypto letsencrypt policy phishing malware</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:4d7d8d17b316/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:letsencrypt"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:policy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:phishing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:malware"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.imperialviolet.org/2015/10/17/boringssl.html">
    <title>ImperialViolet - BoringSSL</title>
    <dc:date>2015-10-22T15:33:11+00:00</dc:date>
    <link>https://www.imperialviolet.org/2015/10/17/boringssl.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[A nice explanation of the what, how, and why of Google's BoringSSL fork.]]></description>
<dc:subject>ssl openssl boringssl tls crypto security google agl</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:4edd5d544ccb/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:boringssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:agl"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://googleonlinesecurity.blogspot.com/2015/09/disabling-sslv3-and-rc4.html">
    <title>Google Online Security Blog: Disabling SSLv3 and RC4</title>
    <dc:date>2015-09-26T23:58:17+00:00</dc:date>
    <link>http://googleonlinesecurity.blogspot.com/2015/09/disabling-sslv3-and-rc4.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Some details on the evolution of TLS best-practice at Google.  Follow along as best you can, I guess.]]></description>
<dc:subject>google security pki crypto tls</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:e2d83b0ba0ac/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/">
    <title>App Transport Security Technote: App Transport Security Technote</title>
    <dc:date>2015-09-06T05:26:55+00:00</dc:date>
    <link>https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Really cool new security features from Apple.]]></description>
<dc:subject>apple ios osx mac security crypto tls</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:defebb40d752/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ios"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:osx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:mac"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/awslabs/s2n">
    <title>awslabs/s2n</title>
    <dc:date>2015-06-30T17:44:58+00:00</dc:date>
    <link>https://github.com/awslabs/s2n</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[New TLS library.  Note that it doesn't implement RSA and the like, just TLS.]]></description>
<dc:subject>amazon aws security ssl tls crypto openssl boringssl libressl s2n</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:57c5da98e6b1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:amazon"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:aws"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:boringssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:libressl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:s2n"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://groob.io/posts/internal_ca/">
    <title>Certified - an internal CA for your company · groob</title>
    <dc:date>2015-05-15T15:45:14+00:00</dc:date>
    <link>http://groob.io/posts/internal_ca/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Somebody wrote an excellent Certified walkthrough!]]></description>
<dc:subject>certified ca openssl ssl tls crypto security pki</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:8321d884436f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:certified"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.chromium.org/Home/chromium-security/education/tls">
    <title>TLS / SSL - The Chromium Projects</title>
    <dc:date>2015-04-27T15:11:06+00:00</dc:date>
    <link>https://www.chromium.org/Home/chromium-security/education/tls</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Lots of TLS answers straight from the Chrome folks.]]></description>
<dc:subject>tls ssl chrome chromium security pki crypto ca</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:6e2ccadfe329/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:chromium"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/">
    <title>SSL connections from within iPhone applications • Charles Web Debugging Proxy</title>
    <dc:date>2015-02-02T14:35:27+00:00</dc:date>
    <link>http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[How to setup an iPhone for Charles.]]></description>
<dc:subject>charles https ssl tls crypto proxy debugging</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:8dc966bd8974/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:charles"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:https"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:proxy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:debugging"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning">
    <title>Public Key Pinning - Web security | MDN</title>
    <dc:date>2015-01-03T19:59:21+00:00</dc:date>
    <link>https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Certificate pinning for browsers!]]></description>
<dc:subject>security hpkp ssl tls</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:a7062ae3ff27/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:hpkp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://sethvargo.com/getting-an-a-plus-on-qualys-ssl-labs-tester/">
    <title>Getting an A+ on Qualy's SSL Labs Tester</title>
    <dc:date>2015-01-03T19:21:03+00:00</dc:date>
    <link>https://sethvargo.com/getting-an-a-plus-on-qualys-ssl-labs-tester/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Not bad.]]></description>
<dc:subject>ssl tls openssl nginx security crypto dhe dhparam</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:f758bcdc6ba1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:nginx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:dhe"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:dhparam"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://knowledge.geotrust.com/support/knowledge-base/index?page=content&amp;id=AR1421&amp;actp=RELATED_RESOURCE">
    <title>GeoTrust - Knowledge Center - SSL Certificates Support</title>
    <dc:date>2014-12-05T17:47:22+00:00</dc:date>
    <link>https://knowledge.geotrust.com/support/knowledge-base/index?page=content&amp;id=AR1421&amp;actp=RELATED_RESOURCE</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[All of GeoTrust's intermediate certificates.]]></description>
<dc:subject>geotrust ssl tls ca pki crypto security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:170497bad44d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:geotrust"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://letsencrypt.org/">
    <title>Let's Encrypt</title>
    <dc:date>2014-11-19T16:59:44+00:00</dc:date>
    <link>https://letsencrypt.org/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Free and open CA from EFF/Mozilla/University of Michigan.]]></description>
<dc:subject>security tls crypto pki ca eff</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:5593278a9379/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:eff"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://groups.google.com/forum/#!topic/golang-nuts/oK3EBAY2Uig">
    <title>Connection reset by peer in TLS handshake, curl ok - Google Groups</title>
    <dc:date>2014-11-10T17:14:01+00:00</dc:date>
    <link>https://groups.google.com/forum/#!topic/golang-nuts/oK3EBAY2Uig</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[A bug we're potentially going to hit more often what with SHA2 certificates becoming more common.]]></description>
<dc:subject>golang tls crypto sha2</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:c52fac1de120/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:golang"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:sha2"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html">
    <title>The Netflix Tech Blog: Message Security Layer: A Modern Take on Securing Communication</title>
    <dc:date>2014-11-01T20:54:20+00:00</dc:date>
    <link>http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Netflix got bored of TLS and made their own thing.  Curious that it exists on top of HTTP rather than beneath it.  However an attacker's capabilities are still limited:  If they redirect via a Location header they still can't spoof the payload and (though my understanding's fuzzy) it seems such spoofing is accounted for and detected by the protocol.  I'm sure there are bugs, of course.]]></description>
<dc:subject>http tls msl security crypto webcrypto netflix perf</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:e75d5663cd70/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:http"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:msl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:webcrypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:netflix"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:perf"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-table.html">
    <title>SSL Security Policy Table - Elastic Load Balancing</title>
    <dc:date>2014-10-15T01:15:41+00:00</dc:date>
    <link>http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-table.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Docs on AWS ELB SSL/TLS termination.]]></description>
<dc:subject>aws elb ssl tls security crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:acc564594ed7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:aws"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:elb"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.openssl.org/about/secpolicy.html">
    <title>OpenSSL: About, Security Policy</title>
    <dc:date>2014-10-12T17:56:49+00:00</dc:date>
    <link>https://www.openssl.org/about/secpolicy.html</link>
    <dc:creator>rcrowley</dc:creator><dc:subject>openssl ssl tls security privacy disclosure ops policy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:2826bdef8356/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:disclosure"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ops"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:policy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1">
    <title>Why Google is Hurrying the Web to Kill SHA-1</title>
    <dc:date>2014-09-09T00:39:27+00:00</dc:date>
    <link>https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Much better article than Google's about why SHA-1 has to go now.]]></description>
<dc:subject>google security sha1 ssl tls crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:8a127a71bdbc/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:sha1"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://lists.openwall.net/linux-kernel/2014/07/17/235">
    <title>linux-kernel - [PATCH, RFC] random: introduce getrandom(2) system call</title>
    <dc:date>2014-07-17T20:39:17+00:00</dc:date>
    <link>http://lists.openwall.net/linux-kernel/2014/07/17/235</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[File descriptor exhaustion is not an attack I'd considered against random number generators.]]></description>
<dc:subject>rng getrandom linux unix syscall security entropy libressl ssl tls crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:5e5c422dd05f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:rng"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:getrandom"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:linux"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:unix"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:syscall"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:entropy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:libressl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.imperialviolet.org/2014/06/05/earlyccs.html">
    <title>ImperialViolet - Early ChangeCipherSpec Attack</title>
    <dc:date>2014-06-06T16:45:40+00:00</dc:date>
    <link>https://www.imperialviolet.org/2014/06/05/earlyccs.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Adam Langley's explanation of the CCS attack.]]></description>
<dc:subject>openssl ssl tls security ccs</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:a9fc03d472c1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ccs"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://ccsinjection.lepidum.co.jp/">
    <title>OpenSSL #ccsinjection Vulnerability</title>
    <dc:date>2014-06-05T18:48:44+00:00</dc:date>
    <link>http://ccsinjection.lepidum.co.jp/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Another rather serious OpenSSL vulnerability.  The only saving grace here is that the client needs to be OpenSSL, too.]]></description>
<dc:subject>ccsinjection openssl ssl tls crypto security mitm</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:b87c26790dbb/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ccsinjection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:mitm"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://it.slashdot.org/story/14/04/30/1822209/openssh-no-longer-has-to-depend-on-openssl">
    <title>OpenSSH No Longer Has To Depend On OpenSSL - Slashdot</title>
    <dc:date>2014-05-06T17:45:11+00:00</dc:date>
    <link>http://it.slashdot.org/story/14/04/30/1822209/openssh-no-longer-has-to-depend-on-openssl</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Not that any distros will do this, I bet.]]></description>
<dc:subject>openssh openssl ssh ssl tls crypto security deps</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:f515a43009fd/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssh"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssh"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:deps"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/cchandler/certificate_authority">
    <title>cchandler/certificate_authority</title>
    <dc:date>2014-04-23T00:24:53+00:00</dc:date>
    <link>https://github.com/cchandler/certificate_authority</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Chris Chandler's Ruby OpenSSL CA they used to use at Square.]]></description>
<dc:subject>openssl ssl tls ca crypto security ruby square</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:1ddb0474347f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ruby"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:square"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/jmhodges/libssl">
    <title>jmhodges/libssl</title>
    <dc:date>2014-04-21T19:04:04+00:00</dc:date>
    <link>https://github.com/jmhodges/libssl</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Git mirror of OpenBSD's OpenSSL cleanup.]]></description>
<dc:subject>openbsd openssl ssl tls crypto security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:3b06fe626fab/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openbsd"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/">
    <title>src/lib/libssl/src/ssl/</title>
    <dc:date>2014-04-21T19:03:30+00:00</dc:date>
    <link>http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Canonical source of OpenBSD's cleanup of OpenSSL.]]></description>
<dc:subject>openbsd openssl ssl tls crypto security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:28d4294967a8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openbsd"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.imperialviolet.org/2012/02/05/crlsets.html">
    <title>ImperialViolet - Revocation checking and Chrome's CRL</title>
    <dc:date>2014-04-13T01:47:16+00:00</dc:date>
    <link>https://www.imperialviolet.org/2012/02/05/crlsets.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Chrome mostly doesn't check CRLs, anyway.]]></description>
<dc:subject>chrome google ssl tls crl ocsp security crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:a6f10374625e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ocsp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/jsermeno/easycert_openssl">
    <title>jsermeno/easycert_openssl</title>
    <dc:date>2014-04-11T19:27:24+00:00</dc:date>
    <link>https://github.com/jsermeno/easycert_openssl</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[A bit of code sort of similar to but less usable than Certified.]]></description>
<dc:subject>ssl tls openssl ca pki security crypto certified sh</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:d84253805e5d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:certified"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:sh"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed">
    <title>Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed? | CloudFlare Blog</title>
    <dc:date>2014-04-11T17:19:45+00:00</dc:date>
    <link>http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Diogo says this confirms his findings, as well.]]></description>
<dc:subject>cloudflare heartbleed openssl ssl tls crypto security nginx</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:327dc72e4ba2/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:cloudflare"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:nginx"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.seacat.mobi/blog/heartbleed">
    <title>SeaCat | Blog</title>
    <dc:date>2014-04-09T22:21:57+00:00</dc:date>
    <link>http://www.seacat.mobi/blog/heartbleed</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Evidence that Heartbleed was exploited as early as 2014-03-23.]]></description>
<dc:subject>heartbleed openssl ssl tls crypto security exploit seacat</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:07d977872ac4/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:exploit"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:seacat"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://article.gmane.org/gmane.os.openbsd.misc/211963">
    <title>Re: FYA: http: heartbleed.com</title>
    <dc:date>2014-04-09T19:10:32+00:00</dc:date>
    <link>http://article.gmane.org/gmane.os.openbsd.misc/211963</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA["exploit mitigation countermeasures"]]></description>
<dc:subject>openssl ssl tls security malloc c portability</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:be2e03e89e81/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:malloc"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:c"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:portability"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3">
    <title>git.openssl.org Git - openssl.git/commitdiff</title>
    <dc:date>2014-04-08T20:30:36+00:00</dc:date>
    <link>http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[The commit that fixes Heartbleed.]]></description>
<dc:subject>heartbleed openssl ssl tls crypto security c</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:771a1f1e7d74/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:c"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html">
    <title>existential type crisis : Diagnosis of the OpenSSL Heartbleed Bug</title>
    <dc:date>2014-04-08T20:26:07+00:00</dc:date>
    <link>http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Code walkthrough of Heartbleed.]]></description>
<dc:subject>heartbleed openssl ssl tls security crypto c</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:f951a3a27d5b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:c"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://launchpadlibrarian.net/172128742/openssl_1.0.1-4ubuntu5.11_1.0.1-4ubuntu5.12.diff.gz">
    <title>openssl_1.0.1-4ubuntu5.11_1.0.1-4ubuntu5.12.diff.gz</title>
    <dc:date>2014-04-08T16:25:07+00:00</dc:date>
    <link>http://launchpadlibrarian.net/172128742/openssl_1.0.1-4ubuntu5.11_1.0.1-4ubuntu5.12.diff.gz</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[This is how they fixed their 1.0.1e for Heartbleed.]]></description>
<dc:subject>heartbleed ssl tls openssl crypto security patch ubuntu c</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:6a8a7b0ec966/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:patch"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ubuntu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:c"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/FiloSottile/Heartbleed">
    <title>FiloSottile/Heartbleed</title>
    <dc:date>2014-04-08T16:07:48+00:00</dc:date>
    <link>https://github.com/FiloSottile/Heartbleed</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[The tool to use when checking for Heartbleed vulnerability.]]></description>
<dc:subject>golang heartbleed ssl tls crypto security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:37eb6e719c9a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:golang"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.ubuntu.com/usn/usn-2165-1/">
    <title>USN-2165-1: OpenSSL vulnerabilities | Ubuntu</title>
    <dc:date>2014-04-08T16:05:43+00:00</dc:date>
    <link>http://www.ubuntu.com/usn/usn-2165-1/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Ubuntu's security advisory says to upgrade 12.04 LTS machines to 1.0.1-4ubuntu5.12.]]></description>
<dc:subject>openssl ssl tls crypto security heartbleed ubuntu</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:60730a6ac039/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ubuntu"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://heartbleed.com/">
    <title>Heartbleed Bug</title>
    <dc:date>2014-04-07T23:21:42+00:00</dc:date>
    <link>http://heartbleed.com/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Jesus fucking Christ.]]></description>
<dc:subject>openssl ssl tls security crypto heartbleed</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:8076604c65c5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:heartbleed"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://polarssl.org/">
    <title>SSL Library PolarSSL: Download for free or buy a commercial license</title>
    <dc:date>2014-04-04T22:17:05+00:00</dc:date>
    <link>https://polarssl.org/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Non-free SSL package purported to be easier to understand than OpenSSL.]]></description>
<dc:subject>polarssl polar ssl tls crypto security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:b21be1293f7e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:polarssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:polar"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.isg.rhul.ac.uk/tls/">
    <title>On the Security of RC4 in TLS</title>
    <dc:date>2014-03-12T00:18:54+00:00</dc:date>
    <link>http://www.isg.rhul.ac.uk/tls/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[An attack on RC4.]]></description>
<dc:subject>crypto security tls ssl</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:ebceae71f2c4/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://blog.serverdensity.com/how-to-secure-your-webapp/">
    <title>How to secure your webapp</title>
    <dc:date>2014-03-12T00:08:54+00:00</dc:date>
    <link>https://blog.serverdensity.com/how-to-secure-your-webapp/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Good list.]]></description>
<dc:subject>security ssl tls 2fa</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:c4c3e46aeb36/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:2fa"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/pquerna/selene">
    <title>pquerna/selene</title>
    <dc:date>2014-03-10T04:32:35+00:00</dc:date>
    <link>https://github.com/pquerna/selene</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[A now-defunct attempt at a TLS library that's not OpenSSL.]]></description>
<dc:subject>ssl tls crypto security c</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:0cc504b70b99/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:c"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://curl.haxx.se/docs/caextract.html">
    <title>cURL - Extract CA Certs from Mozilla</title>
    <dc:date>2014-03-03T16:59:11+00:00</dc:date>
    <link>http://curl.haxx.se/docs/caextract.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Extractor for Mozilla's root certificates.]]></description>
<dc:subject>ssl tls ca trust pki curl crypto security mozilla</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:7f5cdc083712/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:trust"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:curl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:mozilla"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://hynek.me/articles/apple-openssl-verification-surprises/">
    <title>Apple OpenSSL Verification Surprises — Hynek Schlawack</title>
    <dc:date>2014-03-03T16:58:13+00:00</dc:date>
    <link>https://hynek.me/articles/apple-openssl-verification-surprises/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[OpenSSL on Apple platforms is full of surprises.]]></description>
<dc:subject>ssl tls openssl apple mac osx crypto security trust ca pki</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:4fd512e9d0e0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:mac"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:osx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:trust"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://gist.github.com/davepeck/9151493#file-oops-c-L58">
    <title>iOS 7.0.6 &quot;Security Content&quot;</title>
    <dc:date>2014-02-22T19:33:06+00:00</dc:date>
    <link>https://gist.github.com/davepeck/9151493#file-oops-c-L58</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Another look at the Apple TLS bug.]]></description>
<dc:subject>apple tls security crypto bug c</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:38385e6745a6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:bug"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:c"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://gist.github.com/alexyakoubian/9151610/revisions">
    <title>Revisions · sslKeyExchange.c</title>
    <dc:date>2014-02-22T18:58:51+00:00</dc:date>
    <link>https://gist.github.com/alexyakoubian/9151610/revisions</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[The Apple TLS bug is on line 631.]]></description>
<dc:subject>apple tls crypto security c bug</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:1a9b61100a51/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:c"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:bug"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://gotofail.com/">
    <title>goto fail;</title>
    <dc:date>2014-02-22T18:15:37+00:00</dc:date>
    <link>https://gotofail.com/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Test of CVE-2014-1266 that affected iOS prior to 7.0.6.]]></description>
<dc:subject>apple ios security tls crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:967ba7ad51d1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ios"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite">
    <title>Security/Server Side TLS - MozillaWiki</title>
    <dc:date>2014-02-22T00:28:19+00:00</dc:date>
    <link>https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Mozilla's recommended cipher suite for browser-facing HTTPS servers.]]></description>
<dc:subject>ssl tls security cm</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:9e9e47a7d17f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:cm"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx.conf">
    <title>istlsfastyet.com/nginx.conf at master · igrigorik/istlsfastyet.com</title>
    <dc:date>2014-02-22T00:27:34+00:00</dc:date>
    <link>https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx.conf</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Nginx configuration with SPDY, PFS, OCSP stapling, and session resumption.  Good practice.]]></description>
<dc:subject>nginx http https spdy ocsp ssl tls security networking</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:4d965fd6cfba/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:nginx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:http"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:https"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:spdy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ocsp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:networking"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://istlsfastyet.com/">
    <title>Is TLS Fast Yet?</title>
    <dc:date>2014-02-22T00:24:50+00:00</dc:date>
    <link>https://istlsfastyet.com/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Great survey of modern TLS resources.]]></description>
<dc:subject>security ssl tls networking</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:01db13057b33/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:networking"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blog.litespeedtech.com/2013/07/03/the-openlitespeed-features-keep-coming-websocket-proxy-ocsp-stapling/">
    <title>The OpenLiteSpeed Features Keep Coming: WebSocket Proxy + OCSP Stapling « LiteSpeed Blog</title>
    <dc:date>2014-02-10T17:00:37+00:00</dc:date>
    <link>http://blog.litespeedtech.com/2013/07/03/the-openlitespeed-features-keep-coming-websocket-proxy-ocsp-stapling/</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[OCSP stapling is kind of interesting.]]></description>
<dc:subject>ocsp ssl tls crypto security perf</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:1f705e0ef5df/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ocsp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:perf"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin.doc%2FDOC%2FH_KEY_USAGE_EXTENSIONS_FOR_INTERNET_CERTIFICATES_1521_OVER.html">
    <title>IBM Lotus Domino and Notes Information Center</title>
    <dc:date>2014-02-02T16:29:40+00:00</dc:date>
    <link>http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin.doc%2FDOC%2FH_KEY_USAGE_EXTENSIONS_FOR_INTERNET_CERTIFICATES_1521_OVER.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Explanation of OpenSSL keyUsage and extendedKeyUsage values.]]></description>
<dc:subject>openssl ssl tls security crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:ef888c12821c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:openssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy">
    <title>SSL Labs: Deploying Forward Secrecy | Security Labs | Qualys Community</title>
    <dc:date>2014-01-26T18:10:00+00:00</dc:date>
    <link>https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Good details on PFS.]]></description>
<dc:subject>apache nginx ssl tls pfs security crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:4bd512100850/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:apache"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:nginx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pfs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://convergence.io/details.html">
    <title>Convergence | Beta</title>
    <dc:date>2014-01-26T17:48:43+00:00</dc:date>
    <link>http://convergence.io/details.html</link>
    <dc:creator>rcrowley</dc:creator><description><![CDATA[Seems like this is just changing who the CAs are but that isn't entirely fair because there's the problem of who signs the certificate and I think this is getting at a world where lots of notaries sign each certificate.]]></description>
<dc:subject>convergence security ssl tls pki ca firefox</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:rcrowley/b:a17285695db9/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:convergence"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:pki"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:ca"/>
	<rdf:li rdf:resource="https://pinboard.in/u:rcrowley/t:firefox"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>