OCSP Stapling
Online Certificate Status Protocol (OCSP) stapling, formally known as the TLS Certificate Status Request extension, is a standard for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost involved in providing OCSP responses by appending ("stapling") a time-stamped OCSP response signed by the CA (certificate authority) to the initial TLS handshake, eliminating the need for clients to contact the CA, with the aim of improving both security and performance.

Motivation
The original OCSP implementation has a number of issues. Firstly, it can introduce a significant cost for the certificate authorities (CA) because it requires them to provide responses to every client of a given certificate in real time. For example, when a certificate is issued to a high traffic website, the servers of CAs are likely to be hit by enormous volumes of OCSP requests querying the val ...


Revocation Status
In public key cryptography, a certificate may be revoked before it expires, which signals that it is no longer valid. Without revocation, an attacker could exploit such a compromised or misissued certificate until expiry. Hence, revocation is an important part of a public key infrastructure. Revocation is performed by the issuing certificate authority, which produces a cryptographically authenticated statement of revocation. For distributing revocation information to clients, the timeliness of the discovery of revocation (and hence the window for an attacker to exploit a compromised certificate) trades off against resource usage in querying revocation statuses and privacy concerns. If revocation information is unavailable (either due to an accident or an attack), clients must decide whether to "fail-hard" and treat a certificate as if it is revoked (and so degrade availability) or to "fail-soft" and treat it as unrevoked (and allow attackers to sidestep revocation). Due to ...


HAProxy
HAProxy is free and open-source software that provides a high availability load balancer and proxy (forward proxy, reverse proxy) for TCP and HTTP-based applications that spreads requests across multiple servers. It is written in C and has a reputation for being fast and efficient (in terms of processor and memory usage). HAProxy is used by a number of high-profile websites including GoDaddy, GitHub, Bitbucket, Stack Overflow, Reddit, Slack, Speedtest.net, Tumblr, Twitter and Tuenti and is used in the OpsWorks product from Amazon Web Services.

History
HAProxy was written in 2000 by Willy Tarreau, a core contributor to the Linux kernel, who still maintains the project. In 2013, the company HAProxy Technologies, LLC was created. The company provides a commercial offering, HAProxy Enterprise, and appliance-based application-delivery controllers named ALOHA.

Features
HAProxy has the following features:
* Layer 4 (TCP) and Layer 7 (HTTP) load balancing
* Multi-fac ...


Cryptographic Protocols
A cryptographic protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describes how the algorithms should be used and includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program. Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects:
* Key agreement or establishment
* Entity authentication
* Symmetric encryption and message authentication material construction
* Secured application-level data transport
* Non-repudiation methods
* Secret sharing methods
* Secure multi-party computation

For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTPS) connections. It has an entity authentication mechanism, based on the ...




Certificate Revocation
In public key cryptography, a certificate may be revoked before it expires, which signals that it is no longer valid. Without revocation, an attacker could exploit such a compromised or misissued certificate until expiry. Hence, revocation is an important part of a public key infrastructure. Revocation is performed by the issuing certificate authority, which produces a cryptographically authenticated statement of revocation. For distributing revocation information to clients, the timeliness of the discovery of revocation (and hence the window for an attacker to exploit a compromised certificate) trades off against resource usage in querying revocation statuses and privacy concerns. If revocation information is unavailable (either due to an accident or an attack), clients must decide whether to "fail-hard" and treat a certificate as if it is revoked (and so degrade availability) or to "fail-soft" and treat it as unrevoked (and allow attackers to sideste ...

Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and all its participants are volunteers. Their work is usually funded by employers or other sponsors. The IETF was initially supported by the federal government of the United States but since 1993 has operated under the auspices of the Internet Society, a non-profit organization with local chapters around the world.

Organization
There is no membership in the IETF. Anyone can participate by signing up to a working group mailing list, or registering for an IETF meeting. The IETF operates in a bottom-up task creation mode, largely driven by working groups. Each working group normally has appointed two co-chairs (occasionally three); a charter that describes its focus; and what it is expected to produce, and when. It is open ...


Message Transfer Agent
Within the Internet email system, a message transfer agent (MTA), mail transfer agent, or mail relay is software that transfers electronic mail messages from one computer to another using the Simple Mail Transfer Protocol. In some contexts, the alternative names mail server, mail exchanger, or MX host are used to describe an MTA. Messages exchanged across networks are passed between mail servers, including any attached data files (such as images, multimedia, or documents). These servers often keep mailboxes for email. Access to this email by end users is typically either by webmail or an email client.

Operation
A message transfer agent receives mail from either another MTA, a mail submission agent (MSA), or a mail user agent (MUA). The transmission details are specified by the Simple Mail Transfer Protocol (SMTP). When a recipient mailbox of a message is not hosted locally, the message is relayed, that is, forwarded to another MTA. Every time an MTA receives an email message, it ...


Exim
Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is free software distributed under the terms of the GNU General Public License, and it aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail. Exim has been ported to most Unix-like systems, as well as to Microsoft Windows using the Cygwin emulation layer. Exim 4 is currently the default MTA on Debian Linux systems. Many Exim installations exist, especially within Internet service providers and universities in the United Kingdom. Exim is also widely used with the GNU Mailman mailing list manager, and cPanel. In March 2023, a study performed by E-Soft, Inc. approximated that 59% of the publicly reachable mail servers on the Internet ran Exim.

Origin
The first version of Exim was written in 1995 by Philip Hazel for use in the University of Cambridge Computing Service’s e-mail systems. The name initially stood for EXperimental Internet Mailer. It was original ...

ChromeOS
ChromeOS, sometimes styled as chromeOS and formerly styled as Chrome OS, is an operating system designed and developed by Google. It is derived from the open-source operating system and uses the Google Chrome web browser as its principal user interface. Google announced the project in July 2009, initially describing it as an operating system where applications and user data would reside in the cloud. ChromeOS was used primarily to run web applications. ChromeOS supports progressive web applications, Android apps from Google Play and Linux applications.

History
In 2006, Jeff Nelson, a Google employee, created the concept of what would become ChromeOS, initially codenamed "Google OS" as a Linux distribution focused on speed. Early Google OS versions used Firefox as Chrome had not been released, though it switched to Chrome sometime in 2007 due to internal betas being passed around Google. To ascertain marketing requirements, developers relied on informal metrics, includin ...


Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft Windows. It was released to manufacturing on November 8, 2006, and over the following two months, it was released in stages to business customers, original equipment manufacturers (OEMs), and retail channels. On January 30, 2007, it was released internationally and was made available for purchase and download from the Windows Marketplace; it is the first release of Windows to be made available through a digital distribution platform. Development of Windows Vista began in 2001 under the codename "Longhorn"; originally envisioned as a minor successor to Windows XP, it gradually included numerous new features from the then-next major release of Windows codenamed "Blackc ...

Internet Explorer
Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a retired series of graphical web browsers developed by Microsoft that were used in the Windows line of operating systems. While IE has been discontinued on most Windows editions, it remains supported on certain editions of Windows, such as Windows 10 LTSB/LTSC. Starting in 1995, it was first released as part of the add-on package Plus! for Windows 95 that year. Later versions were available as free downloads or in service packs and included in the original equipment manufacturer (OEM) service releases of Windows 95 and later versions of Windows. Microsoft spent over per year on Internet Explorer in the late 1990s, with over 1,000 people involved in the project by 1999. In 2016, Microsoft Edge w ...

Firefox
Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and anticipated web standards. Firefox is available for Windows 10 or later versions of Windows, macOS, and Linux. Its unofficial ports are available for various Unix and Unix-like operating systems, including FreeBSD, OpenBSD, NetBSD, and other operating systems, such as ReactOS. Firefox is also available for Android and iOS. However, as with all other iOS web browsers, the iOS version uses the WebKit layout engine instead of Gecko due to platform requirements. An optimized version is also available on the Amazon Fire TV as one of the two main browsers available with Amazon's Silk Browser. Firefox is the spiritual successor of Netscape Navigator, as the Mozilla community was created by Netscape in 1998, before its acqui ...