Cryptographic Infrastructure

Start here: first entry.

  1. PKI as an Operating System: Certificates, Policies, and Expiration

    January 1, 2018 · 4 min

    Correctness-focused deep dive (January 2018): PKI as an Operating System: Certificates, Policies, and Expiration.

  2. Key Management at Scale: Rotation, Audit, and Blast Radius

    February 1, 2018 · 4 min

    Spec-driven research note (February 2018): Key Management at Scale: Rotation, Audit, and Blast Radius.

  3. Secrets vs Capabilities: Token Design in Microservices

    March 1, 2018 · 4 min

    Design memo (March 2018): Secrets vs Capabilities: Token Design in Microservices.

  4. Hardware Roots of Trust: TPM, Secure Boot, and Attestation

    April 1, 2018 · 4 min

    Correctness-focused deep dive (April 2018): Hardware Roots of Trust: TPM, Secure Boot, and Attestation.

  5. Side Channels: Constant-Time, Cache Attacks, and Real Threat Models

    May 1, 2018 · 4 min

    Adversarial-first deep dive (May 2018): Side Channels: Constant-Time, Cache Attacks, and Real Threat Models.

  6. Secure Firmware Updates: Signed Manifests and Rollback Protection

    June 1, 2018 · 4 min

    Spec-driven research note (June 2018): Secure Firmware Updates: Signed Manifests and Rollback Protection.

  7. TLS Beyond Defaults: Ciphersuites, ALPN, and Operational Reality

    July 1, 2018 · 4 min

    Spec-driven research note (July 2018): TLS Beyond Defaults: Ciphersuites, ALPN, and Operational Reality.

  8. Logging for Forensics: Tamper Evident Event Pipelines

    August 1, 2018 · 4 min

    Adversarial-first deep dive (August 2018): Logging for Forensics: Tamper Evident Event Pipelines.

  9. Cryptographic Agility: Designing for the Algorithm You Haven't Met Yet

    September 1, 2018 · 4 min

    Threat-model-first analysis (September 2018): Cryptographic Agility: Designing for the Algorithm You Haven't Met Yet.

  10. Multi-Tenant Isolation: Crypto Boundaries vs Kernel Boundaries

    October 1, 2018 · 4 min

    Spec-driven research note (October 2018): Multi-Tenant Isolation: Crypto Boundaries vs Kernel Boundaries.

  11. KMS/HSM Threat Models: When 'Managed' Doesn't Mean 'Safe'

    November 1, 2018 · 4 min

    Correctness-focused deep dive (November 2018): KMS/HSM Threat Models: When 'Managed' Doesn't Mean 'Safe'.

  12. Incident Response for Crypto Systems: Key Compromise Playbooks

    December 1, 2018 · 4 min

    Correctness-focused deep dive (December 2018): Incident Response for Crypto Systems: Key Compromise Playbooks.