As we have a database of all the issued public certificates, we started looking at some of the data. This is a quick note about the frequency of updates of certificate transparency (CT) logs.
We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.
I just found a video of our presentation at DefCon last year, which I haven’t watched since. The talk included a live demonstration connecting to a bank of smart-cards in Cambridge, UK. Organizers warned us not to do it as the network was pretty locked-down and a lot of …. interesting traffic was flowing around.
We have handed over the first deployment of our CloudFoxy (smart cards over RESTful API) for PDF signing and it is now in live use. Here are a few observations of mine about dependencies, performance, and delivery.
We have implemented a solution for eIDAS USB smart cards, with no drivers on user computers. We simply access smart cards HTTPS to sign PDF documents. A solution, which can be automated, integrated with an internal IT infrastructure, and managed by a dedicated support.
We have upgraded the KeyChest infrastructure to serve the growing user base. It is the first step for our new version, with real-time notifications, internal certificate monitoring, automated renewals, and faster discovery of new certificates.
Our certificate monitoring KeyChest has an initial RESTful API for remote enrolment of new certificates and for checking certificate expiry. Its design supports automation without any initial security/authorization setup.
Amazon is pretty good at providing a cloud platform with all the tools and infrastructure you may possibly need without looking into the small print. CPU credits are an exception.
Point of discussion: “… No matter how much we rapture on about the virtues of Cyber Security, to The Business, we might as well be explaining the function of the U-bend. …”
One would expect that when you decide to secure your web-server traffic with HTTPS, you do it for the security. Some, however, do it mostly to improve their SEO. CloudFlare flexible SSL is exactly for this.