Cryptography & Security Newsletter: CT logs managed by DigiCert ran into further performance problems groups.google.com/a/chromium.org…, which ultimately led to the premature death of Sphinx2025h1 and Wyvern2025h1 groups.google.com/a/chromium.org…, and

Cryptography & Security Newsletter: Pierre Barre wrote a blog post about using and optimizing Postgres for Certificate Transparency monitoring blog.transparency.dev/merklemap-scal… in Merklemap. merklemap.com

Cryptography & Security Newsletter: Frank Denis wrote an Internet-Draft about methods for IP address encryption and obfuscation datatracker.ietf.org/doc/draft-deni…, as well as several implementations. github.com/jedisct1/draft…

Cryptography & Security Newsletter: libsodium-rs is a comprehensive and idiomatic Rust wrapper for libsodium. github.com/jedisct1/libso…

New dates! Practical TLS and PKI, Sep 22-25. From Ivan Ristic, based on the Bulletproof book, with lots of exercises that will give you hands-on experience. Your teacher will be Scott Helme. And now is a good time to grab an Early Bird ticket ($300 off). feistyduck.com/training/pract…

HAProxy wrote about the state of TLS libraries. haproxy.com/blog/state-of-…

The people behind Rustls github.com/rustls/rustls, an up-and-coming TLS library written in—you guessed it—Rust, published their follow-up performance benchmark, showing excellent results under high concurrency. memorysafety.org/blog/rustls-se…

A blog post from an Amazon engineer turned up on Hacker News news.ycombinator.com/item?id=440591… and highlighted how “smart forward proxies” deal with certificate encryption in TLS 1.3.

Let’s Encrypt staff wrote about the company’s plans to remove client authentication capabilities from its certificates. letsencrypt.org/2025/05/14/end…

Google paid Trail of Bits to audit Go cryptography. The results are good. go.dev/blog/tob-crypt…

Cryptography & Security Newsletter is out! In this issue: - Encrypted Client Hello Approved for Publication - Short News feistyduck.com/newsletter/iss…

Feisty Duck Ivan Ristic Re: ECH in the latest newsletter: I believe this is what ECH GREASE is for. Browsers with ECH enabled, such as Firefox and Chrome, in my testing, will disguise every ClientHello as ECH so it's difficult to know which ones are real.

New dates! Practical TLS and PKI Training - Nov 10-13 2025. And if you can't wait that long, we still a few tickets for the training next week. Join us! From Ivan Ristic and with Scott Helme feistyduck.com/training/pract…

Cryptography and Security Newsletter: Waiting for Static CT Logs feistyduck.com/newsletter/iss…

Cryptography and Security Newsletter: Over 500 GB of source code, work logs, and internal communication records pertaining to the technology behind (or related to) the Great Firewall of China has been leaked. gfw.report/blog/geedge_an…

From February 2024 through August 2025, Fina CA issued twelve unauthorized certificates for the 1.1.1.1 IP address used by Cloudflare. blog.cloudflare.com/unauthorized-i…

There is some movement toward QWAC adoption (via Stephen Davidson); ETSI EN 319 411-2 and ETSI TS 119 411-5 are the relevant standards. linkedin.com/posts/srdavids…

Video recordings of DigiCert’s World Quantum Readiness day are now available. digicert.com/world-quantum-…

Our final training of 2025 will take place on 10-13 November, 8am-11:30am PT. Join us! feistyduck.com/training/pract… From Ivan Ristic and with Scott Helme.

Halloween Discount on Practical TLS and PKI Training! 🎃 $500 off on the final training of the year, Nov 10-13. For devs and sysadmins: how to deploy secure servers and design secure web applications feistyduck.com/training/pract… From Ivan Ristic and with Scott Helme!