Collaborate Disseminate
I am used to using JWTs so when I needed the same behavior but with no plaintext user data I looked at JWE. JWE is very similar to JWT; however, I did not see the exp, nbf or iat fields which limit the time the message is valid for (preven… Continue reading How to prevent replay attacks with JWE?
Let’s say you have a CSR that filled with incorrect data and you need to issue a certificate to the associated private key holder. The private key holder will not issue another CSR and will not disclose their private key. Can you overwrite… Continue reading Can any field in a CSR be overwritten in the issued cert?
I am trying to determine best practices for implementing a webapp running in an extremely tight PKI environment. Assume:
Yubikey like devices that have Certs with reasonable expiration dates
The organization has proper certificate revocat… Continue reading For organizations running modern, functioning PKI, can mTLS be used as SSO mechanism?
I am looking into TLS 1.3 implementations and am a little confused about what is being referenced in the HKDF functions. Specifically the last argument in the Dervice_Secret wrapper function. From RFC 8446:
PSK -> = Early Secret
… Continue reading TLS 1.3 HKDF-Expand references to Hello messages
In order to gain web access from the perspective of a remote device, it is very common to use the SOCKS5 to SSH Tunnel capability built into OpenSSH Client and Putty (detailed here). Both clients establish an SSH transport to… Continue reading Securing a SOCKS5 to SSH Tunnel on Windows