<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>FYI</p>
<p>(Lo reenvio porque tiene varios links interesantes)<br>
</p>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Bulletproof TLS Newsletter - Google plans to distrust
all current Symantec certificates</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Thu, 30 Mar 2017 11:35:08 +0000</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Feisty Duck TLS News <a class="moz-txt-link-rfc2396E" href="mailto:newsletter@feistyduck.com"><newsletter@feistyduck.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Reply-To:
</th>
<td><a class="moz-txt-link-abbreviated" href="mailto:newsletter@feistyduck.com">newsletter@feistyduck.com</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:fgont@si6networks.com">fgont@si6networks.com</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta charset="utf-8">
<title>Feisty Duck - Newsletter #26 - 30 March 2017</title>
<style type="text/css">body {
background-color: #EEEEEE;
font-family: Arial, Helvetica, sans-serif;
font-size: 16px;
line-height: 1.6em;
color: #555555;
margin: 15px;
}
p, ol, ul {
font-family: Arial, Helvetica, sans-serif;
font-size: 16px;
line-height: 1.6em;
color: #555555;
}
h1 {
font-size: 28px;
color: #A70B16;
font-weight: normal;
line-height: 120%;
}
h2 {
font-size: 24px;
color: #A70B16;
font-weight: normal;
line-height: 120%;
}
.red {
color: #A70B16 !important;
}
a {
color: #A70B16 !important;
}
hr {
margin: 35px 0;
border: none;
height: 1px;
border-top: 1px solid #ccc;
}
ul.other_news li {
margin-bottom: 15px;
}
*:first-child {
margin-top: 0;
}
*:last-child {
margin-bottom: 0;
}
table.advert {
margin: 30px 0;
padding: 0px;
text-align: left;
}
table.advert td {
padding: 15px;
padding-left: 25px;
line-height: 1.3em;
background-color: #F5F5F5 !important;
}
table.advert h1 {
font-size: 22px;
margin: 0;
letter-spacing: -0.03em;
color: #A70B16 !important;
}
table.advert a {
color: #A70B16 !important;
}
table.advert h1 > a {
text-decoration: none !important;
}
table.advert a {
text-decoration: undeline;
}
table.advert h2 {
font-size: 16px;
margin: 0;
color: #A70B16 !important;
}
table.advert p {
font-size: 14px;
}
</style>
<style type="text/css">:root #header + #content > #left > #rlblock_left,
:root #content > #right > .dose > .dosesingle,
:root #content > #center > .dose > .dosesingle
{display:none !important;}
</style>
<style type="text/css">:root #header + #content > #left > #rlblock_left,
:root #content > #right > .dose > .dosesingle,
:root #content > #center > .dose > .dosesingle
{display:none !important;}
</style>
<p style="font-size: 12px; text-align: center"><a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXCzXWkifVJHDncEFwYis9sTNioiE0Pyvmqwv91FM7uyp54rpA0l25-2FvK956lUE-2Fa9xY7TkK-2B1D1s3lsiGVk5azV9-2Fs4FTmDwc4h1V2-2FgvO8WAHOSm-2BR-2B-2FNDxfxCqTVaN5TOqP4T6B-2FDY8iwoy-2FCvO1XIa0FgcACLWfqQnFtSyaMN_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1cHRhXg-2B7UjjoEgmc2mg-2Fs6amHGPtudGSSglSH8NQh0oGOPeTSc5yzfXseHHpPWtRyUncXt-2FfmajNTJQOs3j645UpFUitum4-2FXUlGcKgcbyE2DrxkE2ElZE1Tlck9Z-2BCAd8h4299mJt14Cl790JAhsvcg54bzap-2Fu0I5qmTN4ke5JU7FQF4NJ1yl6yQ5H6HGckhmJnV144i8ZD0GwOxyKBw-3D">Read
online</a></p>
<div style="background:#ffffff;border:1px solid
#ddd;padding:5px;border-radius:5px;max-width:810px;width:810px;margin:0
auto;">
<table style="max-width:800px" align="center" border="0"
cellpadding="30" cellspacing="0" width="800">
<tbody>
<tr>
<td style="border-bottom: 3px solid #A70B16"
bgcolor="#FFFFFF">
<table border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td><span class="sg-image"
data-imagelibrary="%7B%22width%22%3A%22155%22%2C%22height%22%3A%2275%22%2C%22alt_text%22%3A%22Feisty%20Duck%22%2C%22alignment%22%3A%22%22%2C%22src%22%3A%22https%3A//marketing-image-production.s3.amazonaws.com/uploads/fb6060da09f5e7c00222ce6ebf16c8ddd66cbe026021a65a1800933e8c75704efd68bae6523f7f073e7ffd5fb6e60d649c05c6e545fe4ecbb9ee39841ab87191.png%22%2C%22classes%22%3A%7B%22sg-image%22%3A1%7D%7D"><img
moz-do-not-send="true" alt="Feisty Duck"
src="https://marketing-image-production.s3.amazonaws.com/uploads/fb6060da09f5e7c00222ce6ebf16c8ddd66cbe026021a65a1800933e8c75704efd68bae6523f7f073e7ffd5fb6e60d649c05c6e545fe4ecbb9ee39841ab87191.png"
style="width: 155px; height: 75px;
margin-right: 20px;" height="75" width="155"></span></td>
<td align="right">
<h2><strong>Bulletproof TLS Newsletter #26</strong><br>
March 2017</h2>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF">
<p>Dear Fernando</p>
<p>Bulletproof TLS Newsletter is a free periodic
newsletter bringing you commentary and news
surrounding SSL/TLS and Internet PKI, designed to keep
you informed about the latest developments in this
space.</p>
<p><strong>Author: <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=JirIori8H183PpV0ugHS14zYTvLf-2FsY7BJc59wxtwRg-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1a-2F0P65M2GpUL6M8fIywHn1bZ6X9yS9RWSVySbKjLqpHGVd9uUzIl-2FY-2B2soy1cIrFZjYVR5-2B3gBc8zDWSiesenHzzsOenwukc-2BBtKcjIHXDNYnA7SmLbG76fuEDrV2ksUeHi82RL453E28L32n83dWew1-2BY6oCdyzAdQmfHMhvahUO2Ey-2FHXVfLH0tpKTbvUIwPdhioeXV8G3yrOAL1RdkY-3D">Hanno
Böck</a></strong></p>
<p>In this issue:</p>
<ol>
<li>Google plans to distrust all current Symantec
certificates</li>
<li>Short news</li>
</ol>
<div> </div>
<div>
<h2>RuhrSec 2017</h2>
<p>Feisty Duck is happy to support <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXE73r6dqlLaYHnbiCFv-2Bza-2FNH5vIQfJAY2Q10eTttmmt_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1WwXy2zHz7N3sv540B54tJEBuVIXya4ZL4Evc6WWGvYjU4zep3AxNbjlej3PqRnSbeApQWHx1CQXKeDLI8Od17fMgz6QGt-2FAXCaQg3v1h1TTsRgVvSkcDD1TDfh-2FLBy3guOhXK9LszJWFDk5v06M9KQ7SnwvuSOqBREcdR8UigrLNQBqBKgr6HF5N8M76RSN6e5-2Fz8JnkukJM1QgNCY-2BSrY-3D">RuhrSec
2017</a>, a non-profit security conference at the
Ruhr University Bochum, 2-5 May 2017. International
speakers, interesting crypto and TLS talks and
social events!</p>
</div>
<br>
<h2>Google plans to distrust all current Symantec
certificates</h2>
<p>Google has <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=oQtz6-2BN3LpFOOQ1jijZJXM1ldT1stZa4FOoYpexB9UkNzc0jeOy8Wwb7LZNm5DHqnI9zGBMdxhxxYYa16-2FjrqZEomm-2B7extJ6NlaM18fhltIlfEDtYuibuAUGIT6zvrj_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1cs8kBR3dNdth5RFQO4bbR9q-2B-2Bpn4Af2Up6m8RNvyIwp7EnOr2xAwMr1ZWKMHemvBRM6oOWCiEQmBkZB3KN-2BXep9G5zFgxKR-2Bjn8jvxhg-2FhlGk-2B0b3rtDTDByyfvSe80J00ECU1hr-2BagCKFEmb3iDxPSrs8TmRy-2FZ-2F3ueJvdZsxrISKecCoOKeunKsOM2CuPU5-2BVo3yPaF-2FJnPIArnHanAU-3D">proposed
taking very severe steps against Symantec due to
violations of its responsibilities</a> as a
certificate authority. <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXCzXWkifVJHDncEFwYis9sTNioiE0Pyvmqwv91FM7uyp54rpA0l25-2FvK956lUE-2Fa95-2FFRpoK5JBjxia7phXeyF6pOQIQmK-2FM6YPlgO1Hh8kc3X4yt0Nk0GDmQ-2B9Q5Drc2sn6XUZyCRcjNeUegvPRqTUgo7hl6SXtI4HoTE4Xe4To_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1YpkRI2W5nyBs-2FjbphehzJ6Gyw-2BRRCgJl6fBT5YorHsOWjVjeWyZRNoi759xgzv5RVTpHerXnd-2FUA01jsQK7TMBy8Gp6mPZLh5m5lbAXST7grV3Mpc6HEP17PM969GCgf66aezyzMcLodeYXwtpasQ-2F1Y8mU9i7vtd6nzF7s9VO-2FeUHKDdWIr-2Ff4mFlxrL0J2FqVQSrMlRJ88VlvLcE55dM-3D">In
January, it became known</a> that Symantec had
issued several certificates for domains that weren't
requested by their owners. These certificates were
created by the South Korean company Crosscert, to
which Symantec had given access to its certificate
issuance infrastructure.</p>
<p>Over the course of the investigation, it became clear
that multiple companies had been given similar access
to Symantec's infrastructure without sufficient
oversight. Symantec knew about some of the problems
and didn't come forward with that knowledge. All
together, around 30,000 certificates have been issued
by these companies.</p>
<p>Google now plans to phase out all currently valid
Symantec certificates. Via several steps, the Chrome
browser would distrust certificates with certain
validity times. In the end, Symantec would only be
allowed to issue certificates with a validity of nine
months in the future. Also, Symantec would lose its
ability to issue Extended Validation (EV)
certificates. Although many people question the
utility of EV-certificates, they’re a major source of
income for certificate authorities due to their higher
prices .</p>
<p>Symantec noted that <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXDC-2FtDbhvFRiKTSYGxJrTMoquSZn8p2QOqTPINLQXR4g3QN-2FYmB0BRLXv6IoYXrXoUAwR2llBpEWwwBnYNHrVD8-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1byL2PrAjGiBLpXJG9vEFB7whqUq19-2Bt08tHjSC7YGH73tSkUzj-2FF6dS2fFXsn3EJ-2BQZCPZTqrip8pHvkF25x76OXnCpwhFL132tYQGwHCXRyK2sZVrg3PhaUFIwOYfBluGxrOdGuV6fCWMbLks8QNPjtJ95cAHDrlme0UOC0asDFs-2F8w-2Fd9gj-2F3bwayVg4Jb-2BR8zjkwxSISc9pGHeXXtBQ-3D">it
finds Google’s actions irresponsible</a>. In an <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=fYxuIZgCn6axJ2NWlsZgccdJwRwxxtwzizAPDL0Hj3htd6mSXPVknc24lX-2BypHW9z5a-2Bt3RnriHh4B7QOwZiinKiSxi3scRKkIDzr5dlZKdjnlufwPZ0WCB-2Bq0bKGC9XHQeBZ2KYFWpwUkuGGVQNC8oS9SnqjIS-2FaNri0st5G2g-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1SVBWIvFEhEvGqZfQo80XZzFRvbT4zFyqZcU1m0zPlrGUZrggH14WsvlrCAItyjoDdj9FADMzHFHBg24ibs289fmtyrbRHsnSJI4-2FRkAz82VAFpNHtqx6WqdP-2Fnn0nB33KOkc467-2Fo7rSsOtdnn2UR8g57YgPjmsiCqXeBhb0IC4JG5AqCnBLVfuTgfB7kHgiYem0t8t6rY0eqS4TXdaNjc-3D">emailed
statement, as reported by Ars Technica</a>, Symantec
wrote: “Our SSL/TLS certificate customers and partners
need to know that this does not require any action at
this time.”</p>
<hr>
<h2>Short news</h2>
<ul class="other_news">
<li>OpenSSL has planned a <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXOcG-2BknP2O4RjW4Vb8M0jG23qbUF1Gwu-2BvRb4qe3HHoh7uXC-2F367aaxJVEgdRRRWkw-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1Q5AW5XyvzpbTnkqzKMe1-2Fn4xeSF-2Bap33Bt7wdW9hkrBv1u30rPeKhhmuaoeNyOb0CrsaAwXDkgOUoRFwznWxy-2B6p7nfvJvLy9ore3mRjF8rm8MUWeZ2HmUfZ0wv1nFHnzlm4J-2F5ykNIEUWskqB92mgBSBVN4yDvq2p-2BSSE0jENfh-2BAqjn9eUHmojzJW8MNE7cEojwpYJmWZ05gpZxo6B4Q-3D">license
change to the Apache License Version 2.0</a> and <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=DiUWlcj-2BSyZbTxywQJ3PwyFPVH9bGSVE3xzsLkfwoxAl7GAhasAz7TJfMoVf-2FFNS_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1V5J9j9TcI5vOn9zo0FA6WW7LC20pXtPMZPZPP3qappvw8jDG9pexdh0-2B81mCGSP0W0f1INuygZrytVrF3t5bH1Lze6-2BBDC2ye2LtqE-2BeGY3zdwO7oMwBtxILUCkSt-2BQXfxfhqiww9ELTcfsrRYTS4VUhYQdH4-2BFVkIOt3lHz63FSeHQ4dSfFwkcH0yjKCD-2BabAOrwB3-2FxKAGL1zOsrxh2E-3D">asked
all former contributors whether they agree to the
proposed change</a>. The OpenSSL license has long
been unpopular due to its unusual advertising
clause. However, the license change to the Apache
license is controversial, because it will still mean
that <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=aL9b-2FRnHMdvj4fhEmnJTe0J3nh9pQf5-2B-2B4lhUe2EUv1LUPikC8q6Y3Gkm5MBg1On7CAfj1qMyXLhDxyYjsoULCMAxAahHWhtFeNIgyCwu3o-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1V8ykv8W1WN8z-2B5WsjRqVtPjLqyykz2HaEvuR53Fmv6hLwmtZMROkq9ArYf8RcJBsgGULifnDnzFnM96BlqmTlBXM7ySreVWAQ3s4Oi7JorOfqpfg43-2BQ3m2MwbG3koO0r9lV0NMNF7eIaaZlpuoJETuCSpmpI1q9i8q4pprtJNkGr5kqRMz9pjmmJvBuysDMvKuGqqoYWPuO1yOMWvEkCs-3D">OpenSSL
is incompatible with GPL version 2</a>. Code under
GPL 3 will be compatible, however.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=tEAq31L8uYmnQi8IyuifE0CPCZCVqrEMpgv1-2FBCtynV3d1kLKN-2ByQSab2ItDAkdJuTayu2rZQP5hna5H-2BM01UxhydaUie-2FrUSYb8FURBj0U-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1RElK4LsxINW1spLYfyRhJ29HD3O5C-2BifiMYd6PxFrxCl3-2FAyUwjaj1eOZsGuoYgGl6A2NXmgrKAhRKNqZutcpoYrN6rsuNMDmQG-2FJr8o97q2vP1uaLSrdNVeaYoXB7hcyrEDBvS1z9uEAazjoGJbgEgBpIa9cFPF-2B4qgTdHY151mLEQ92BddAsAWzegumoo4QwW7-2FC2-2B80gI-2B1MqlK933U-3D">CA/Browser
Forum voted in favor of a rule</a> that will make
checking of CAA records mandatory. With <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=myJiOmFt5GHgS9XfiBqrbgctRrGhAHxJiB-2Bi-2Fonc-2FmhJzhhyGlY8C47Uds3uCoAf_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1ZGALLhIIrSeuN5Io6QX1FNm52TfJ9RVYFzRaV6URK1ZVOuE8pV99lgcmmTOVv4waWYDdkoRkJhyJwID9uGwroxSGo86icaPxOzmf0daQQjGX3Ltdxj7CM7BgI6-2BTaB1sUsbqrlntpEQ41Dz-2BLrjsBHF1-2BF6RQRXpuAglpYn1x21-2FX2IpU8dd-2FNCXngzGzgiQuYZh-2BNh3pw16aQn3NuSiZQ-3D">CAA</a>,
domain owners can set a DNS record that defines
which certificate authorities are allowed to issue
certificates for it.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=dhp-2FhXTuwZnABPAaiCIMNtimqfRpEWkeq5Z4zthTjQh5cn7kSFJaw6RBGPc941UvnvMxbV1GdIsKp4eI09i94Q-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1cS3oa4aoTDvUVxwBmFpCImqDMWNj5Ag-2BTYhd-2Bsxys0Fmd5HiS0Xq4ceRPZJ-2B6cgsm-2FdyNLxJoQyJ4AoiO4aWQbswfsQDbN9oHAqwJbaiXxHI27ywAP-2FQktBYqZ99TjaEduAUoSzhH4LSrAioO7gC-2Fkc-2BgHC2E69sfuX8kYfjcYhRT2Txa3NxfRfQ0j4o4MFHBHFcr3OL9E52jyPpH2j-2FOY-3D">Cloudflare
enabled support for TLS 1.3 with zero round-trip
handshakes (0-RTT).</a> Although 0-RTT is a win
for performance, it’s also a security risk because
it can enable replay attacks. Cloudflare tries to
solve this problem by restricting 0-RTT to requests
for which such problems are unlikely.</li>
<li>The debate about TLS interception devices
continues. <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXJdWeMSzGNP7XCmi7XiiW8YTkgpNSqqK2MCGUVTIyDTH2tD52JE6FYE-2FKmjF0PZGRg-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1YytL4B5NnWmDYPuaSXJmh2VHWkWZAhmWLvIpiRPXpj-2BL0iCjolnL1rNDiOxzFUSddG2aPRZGrEWtjZOCTuSRongVGovpGvy38I9DMmQXJB6nDoSfegi8FcZvr-2BtKzXOGwrFVkKQf1ZIF9CqZnd114WKytfFznLEb017-2ByEMUIe-2BwrMRuREoExs-2BRGNllnK7IqexA4aXqvCu8M4LSjrbU8k-3D">US-CERT
has issued a warning about the security risks of
such devices and software</a>. <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXIIfOgtPifm8qKzrtxVTQoVzm1i7DSNfPRvl4kUnSr5wVrukkJKz17-2Fx9N8mv8fES8gsZekAn0sHXSKGcQ3S3F1HmNFRwVvxVBWTg7xhVcyh_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1SiDGNQaHcgk0dGnR4UPz59a2hFoG5F4upBN3Adv9EUfT5fE2GDhck6K3rKhAvGTYIzryjRdnSCfimRQJwOs965IuHzG5NnjLbBcvqZDsXFCP0Chq21bpds7-2FbN52RFEXdzUyrmYljt2R4mXNvHv26yizmERDDITVdYQw2Mdtciu2yGGYMJebGAlRuniyWvnxvogXtEOMvdXKQLf2vpC1rI-3D">Martijn
Grooten from Virus Bulletin still sees value in
TLS interception</a>, despite the security risks
that come with it.</li>
<li>The downtime of Amazon's S3 services caused some
problems for the Certificate Transparency logs of
the company Venafi. <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=oQtz6-2BN3LpFOOQ1jijZJXM1ldT1stZa4FOoYpexB9UkNzc0jeOy8Wwb7LZNm5DHqxu8cCwwgBFFLsSe2j0-2BbyDskF-2BHUYHiqaVxTlUObAhsHpHpsiqCuIE3XGieQL2Uw_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1clhJuVMvYluOVFYWdA7dkf1LX164C5dYaHLl-2BcwEYNFGp-2Bs0geQ1XcDrd8TOsmAqgeyfybgpT6IXvFQYkCvkszxJUE-2F3jAC4PGCL1KM4xKexW1ZIea5S8Wi7chZndy-2Bg3DXKZr0xJqbC0FAoUy-2By-2FLWUe5oR-2FC8OKMefSkgIQukQfSOyB6dMSHB4Z-2BNSKzJqdPvdNgqaMZCPw-2FkbF7mt2c-3D">The
logs gave inconsistent replies</a>, which is a
severe violation of the responsibilities of a
Certificate Transparency log. Future Chrome versions
will no longer accept these Venafi logs.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=dhp-2FhXTuwZnABPAaiCIMNkDylp6FijiAeRJ6ePBHEk9xR2I0Sj5010PqGmLcu2l4iL1HgsBKRLIpYmVsvZfv4Giux9MQqvChloHg-2F2U0Ulg-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1bTVTGn8VSFYjQe552frMAszwfN-2Bm21ZtCR1MKzR1JQx3Qy8p3JlZo03PMGzd9UKqyCwRtH-2FvkQUZwVkJrcY0CkwdzGPqFUGYFQPy4lX0vEgy67ZybUhoGUmOzAwx0nal13p6vo92KK9eMzooBLXdlAcK1-2FiMGMpHDRV3jzFbruCVYmqZqOoJ-2FOjYuQoWXnBADx63WwnhVJp2-2BjcTivwIzc-3D">Akamai
published statistics about the prevalence of
support for SNI</a>. SNI is a TLS feature that
allows using multiple different certificates for
different hostnames on the same IP address.
According to these statistics, fewer than 1 percent
of users are unable to use SNI.</li>
<li>Mozilla released <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=ZeWwHd0X4R4qI5wjbFkhXiBUTiGYVY9gkdUKOoY1esVTrFgIZUNLt4LhkBIxoLxPOtDzrSO46ibohSR6xOD2DLy5cOHN2HVLbwM4OcDGYm3MUUR9HmeOr44uTpbkaLBH_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1T93FxFMxgLlZQUt4L7lBRoDt4Qv-2FQfvd1VvcjjsvJ-2F4xYaLgLiAHDl2mhI-2BEMF-2Bu10XiHZbCSGU8FwVqpHdWLQ1WDS5efyy4-2BqvYSTF-2Bt7LplqeFQvXO8YBY1r4TfBlJVrVVUbD36qinTcxDUd3GHHMweN0VqEXmEdpb1pKwnqoHKgTEzDRLL7RqzjZOHaX9qL9JdnuIr1vyYAJB-2FaZCVk-3D">NSS
version 3.30</a>, which contains mostly bugfixes.</li>
<li>Supersingular isogenies are a promising method for
post-quantum cryptography. They’re mostly considered
for key exchanges, but <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=ikqbOGJ6uN3nMQC4Y-2FQQgr5cClJfiIp2tpG86683oe-2BerO-2BFs7XKG6OWv0SGMitT_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1bCg8Wp7FPF6N9cnz4h8ffa3aLB0Si3-2Bw7mEY2iGA2yGKU4wetqBgi68w7POXueqMK-2FVKx5l3rOd0WQpFs0kFeQeAYUqjZ-2BDUnQGNgf5xdXI87IScda8ZGgXJE1WXtOLx2nxjlx809648eb4ASbJyf4P-2FZdSzpuTYh-2FhjPpDD-2B9yLHEXZ3qx6u4YZ-2B7viFSRPDToQrPg7R8baum9mAiJnzU-3D">a
research paper has presented a signature scheme
based on this method</a>.</li>
<li>David Urbanik wrote a <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=s-2BAKi3T1T-2BSMG7-2BKVm9CsR7iimUneg2nb7GR4Ju1MU5R9qBb9gbmhvaba6vxwWQPpXlUARqLS-2B4jsMh1uzMBl5ElWhO-2FcOz5RfoZcmLslrM-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1QUtecNlVRSC20uqjfZrmd5-2BOTUZBg3pkEnqr229Ez1vnukCp9Q23JOo7dquFtj4n1P96OGU3mQjfFQ0q0pP2cP1jNPeai9-2BjDLhyrjBJjeO9R3hexuzmweVNJUaT6sB5GkFGEb7OJ2wZBeN9eKC-2F6p5Ukj3FoGy8njQg-2B-2Fp-2FhV8T5-2FdtidSj1Ae2BBlqMIuc0codALCr8qoSj7SFgbYUfI-3D">friendly
introduction to supersingular isogeny
Diffie-Hellman</a>.</li>
<li>A <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=ikqbOGJ6uN3nMQC4Y-2FQQgr5cClJfiIp2tpG86683oe9UPbaeXdOVIQ-2FU89zeh1l7_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1SpuAI-2F29RSeRvpXivayitWurt-2F9rL4-2B8gKSMASfXdQh3JMolTbgrjCq0aKtJFAcDGK9l7ufUa7sNOykHV7qGqeoZFh8lM9IoOrl1eDtP4uDKf7FiTAlIYMU-2F8YkCeuON2cPdwPUU-2FsbRQtq6XWGicAdU2x5sI7mNhT5ZJiCA92Qbf4OExL9vMLxduESXKbxqWS7vvEHjR1I1l83XxLthRo-3D">new
compression method for supersingular isogeny
Diffie-Hellman keys allows smaller key sizes</a>,
but comes with significant performance costs.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=Hwh8nn-2F5YAeqSRukXDHNdvanb8qd6E0ZZJ-2F06q9LXktusgQLk-2F4CNsPnXAigjgVemzRwXw5WyavZ-2F-2BYMPQUTsg-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1UKiMjKJD0m-2BezGab9qCK4KR3Ny1e-2BE4hLUSpsD4vF90GELsgr8zBLmNX3A236a3-2Fu3zypdlAd9U0jrLg0SL68hBRFeWGhv4iBcHScqvstGgqppbqNbGMF2GfUb9jJstfb0k-2B8PtWS8MyEtwR7YNG4vDa3Qh0pAJkaI4AcdrpoqohBDZOiM1XFYH5XGTdQxMDwZ8RUrDdt0yCF7Lq-2Bhpwxk-3D">Firefox
55 will restrict the Geolocation API to secure
contexts.</a> In Chrome, this is already the case.
This is in line with the browser’s plans to restrict
powerful features to HTTPS sites.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=VURj-2BKynrsQHin2XqWOCxlSzCa56jHh5hLujBzxTqVqfmX4C0tmDsAlp-2F-2B3hNxUZtMI9px35ZSvmvCJ-2FVWsnwOjniFx0BfeM-2B5Mt1q-2FMo-2Bn9TgKwi9rjX8yKGYoXtP6v_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1bS05rJLhHPFLKCyvsQoy7T2-2BHm4xoKA1l4G7FFldN7EdUIAs3OFtc3o-2FSG58dGz66fSBvXakexpv-2FHg5q2OB-2BfbjByRO7pvURvuyM08qWJY-2Fu-2B3mFNoTPyfe5lcHsA0oY-2BYNs4Q8p1xwbLKPLvxYMBU7MXs-2FZlVlkRebVipSCu5Srhl6Qz5WS0AU0V5v4DRYh1O1EuU7FDkty6uDN5mhcw-3D">Guido
Vranken found several minor vulnerabilities in the
mbedTLS library.</a></li>
<li>A posting on the <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=BXvY9YPIt-2FWPTn5S8h29tO2KkkXGTYm8jK9jFz2R1enskZlAALqI8ndeZQUZEltAclH9ke-2F5GNYppQQm-2FyHvag-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1RtcPXa460J2BeoeapxAPSOJW-2BUA5qE9H29I4J1FtNwDCuF1x4V1lCOBz3XFRnHywxizjQ1fECYpuZaigoMDJG-2FoJHZjRSdOmX2AFqwMZtN9hHf1GfxWpxUMPUbFtLxWsBkLOQ-2FaVKYGg2xbSuXxv9AftWI-2BkQHIv-2B0Qun9gVFSQg9nDrhT-2B8-2Bh0WR-2Bf4azIoZvjR68tfUnbNXUDlVsr-2FnQ-3D">CFRG
mailing list by one of the designers of NTRU
indicates that the company owning the patent may
put it into the public domain</a>. NTRU is a
post-quantum encryption algorithm that has been
around for awhile but, because it’s patented, has
seen little adoption.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=Hwh8nn-2F5YAeqSRukXDHNdgllp9PDimxiKvJtE1sIWYbPGmkugTJwhMG4O7MXx8waqDoIhl3RiskPw9zShl4tQA-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1Y3PGANV0WlhF7MSbVd94muyrjb5uZFWeGgUsWH6aBb-2FtuQMwJ-2BRAtios6z7P0QnHhmreqExeEqAwj2oBoVt53ZI5xj246X5izFeeQKQAanmZC2tiNvZZqRkN2SZR5rHEfjXnL4-2BYNfUA6mxlqtcs2zErtzFzXVevsNIaOb-2BhJkywfKN5-2BRCLdxmv-2Fh7bin0fT2iX7F0YSg8dIlAJahbYYw-3D">Comodo
started operating two Certificate Transparency
logs;</a> also, a <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=dHmh4ogTSuW6asu3QCqEuILs-2FFup-2BODHdKGl-2FOi2BWLVAhI29KnuMXf-2BDVYvUhwhtCHNkafAA7nFrPsueu7WtCPxMM9S3YCdFVKc8MhJJWA-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1aKejTa0KxrqiGRfodGan6FFNe-2Bj-2FH5kbne3mE-2Fo1un8AU2QUxdl1DWsdBvQh3-2B-2FLQAtZbCK21-2B6LfRBtwpgwkMD-2BfukEI8cwZJAH0XMoxNHKprdDoMEVkWVmlaRNx5YqQw5FAL82P-2F9ox0iw5l7ZkYviwq6mE6ZyJzLPooF32N5gRMy7EyhGVHT6bf-2FPhm6AKtVFTpyQek4DQKHWkgoPdk-3D">log
operated by the company PuChuangSida passed the
90-day compliance period</a>.</li>
<li>Frustrated over the lack of a secure option to
access man pages of OpenBSD, <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=Hwh8nn-2F5YAeqSRukXDHNdsd2gPjbHBsFX61qqUwkk2c0ow3ee0UXiOza8iw34V770xHXXiiuwCaGi0JubUr-2BHQ-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1b0sF1zE8Xb-2F0KFuMWmXCCh9zvodl8tC6NWS7uDjMCbIMT2mWhcqq-2F0SQk95vq0JAh-2FNbbKtSxJyNaKeKSpleSNs7eti8eDH43CBAzsLODArSvZD39A11Vjfg4mADLO9qc0qllTaxsVdyP6zqlcBkt8yTrzsxLgZd2kBsxbWEbKlldVbyZ1fba1YtjwiiesbxOso593y8v6LxDfi-2FiL8YL0-3D">Filippo
Valsorda started mirroring them on an HTTPS site</a>.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXDGsfWZzKVelmAxnRmgJnE9rG2SRV0LZbZbcCtH9byeSu8tCMRDlOKK2BVAyPYjA6ttRYc-2BofBcfwuH15vIGtQo-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1SsYrMs-2F6MjKQiyr0DAU7iSyKZhy6o2gjCVmkfYX-2F2KivZp1fx9UCEyq4Q-2BQKOWuMBlp-2BVtFjEwA4ozb-2F-2BvNncAYcLCBVtUv38N4oZ2j3h8-2BnGau087EyZ6HOHdL-2BnRnDm57xa7lGYjhbl6tXyVUD1R9OtxZHktxiGcOpli1xr8eBB10NFhKsBrFL28oc-2FovSuWTPu8TZAWquWrfGPSJM8A-3D">Brian
Campbell provides a demo for Token Binding
technology.</a> Token Binding allows applications
to cryptographically connect security tokens to a
TLS session; it’s currently <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=myJiOmFt5GHgS9XfiBqrbgctRrGhAHxJiB-2Bi-2Fonc-2Fmiv3H-2FX1xaz-2BUZ6XpJwILv1QvKANSlZtrDEbu1hshe9-2FA-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1bi0zUA7QeLiP-2BvHQIuOUW6VyBQ29Z-2BxpKh6WGHaEOZY6UD-2BH3fO38HrKTI2BFEgl1XAZsNAp9TmwPrjeA5Qnm-2FCBcdTbLAv9udEOc37DO7rPLrm0-2BkBJoL-2BgftOlYbps-2FyIrBEOgPe8UhNsj2YUut3QC3GNo8gYJkt0o5rZosX-2BkZzTdLF9F92mMDKleH5GNUM94Ufp76KmK-2B9HueeY8hY-3D">in
a draft state</a>.</li>
<li>The German government agency <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXK-2FPIjI1-2BWT74wotwmhS79j68ZPa9poO99O-2B-2FV-2FnODe4Wfcpq7THZz4lBD4C-2BBQ6SSusUeAXZd0qqtnKHNk08QlsZWpKkkEpL20fzJs196bEu-2Bu668ZFBHMNlB1JEtr24g-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1T1D-2B2xkS6ep3NOZbmr-2BhVwfd4fL11AQOpsUI9OYBvXW3Y4HIwJ6FlARF4uij5d5yinnMqu0gpQnDh0A8UeIprx6DW5mNcCuq9APZjR1R06B3SpW-2BqJdtafSP6oXQNKrZUiJ17uOfN3GNYgsOyZ2xGKn-2FVezwdJvjitdhQjzcP2cb-2FwJRThpHraQkgeb6H9CtouflJFcLAfcMyPUrUx7NQ8-3D">Bundesamt
für Sicherheit in der Informationstechnik (BSI)
has supported the development</a> of version 2.0
of the <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=ZUwuuh4qv9PWb04sSFAZDfHxaUysgnGr5FOXyx9aHp9njqzDz3QkoTe3Yd-2FjGpA5_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1Z9AABX11yirLwhT1QdRs7ttf-2BPKGu3QWR3M-2BzxG1YLuQ-2F51Elp-2FP2U-2FyzDNMRYVOjOYIjDttaMaz9SlcUqMeB-2FOhlGZAQQaT51bmZ3Hxf0rQ-2FTO53JMog3PHdEn3U3CDj3unn2Q8VdDx9g9s8XQHfqeA9AjCBp4IHaAP4oNHOVrq0ySixz7A-2Fz3Nbbjnpo459IWJYAdMI1-2B0ElWlCzEkrg-3D">cryptographic
library Botan</a>.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=Hwh8nn-2F5YAeqSRukXDHNdgOJXJWLPFj3Zbdui8u4YO92eD7VHRKwfBRu3LH5aAFr4OaXrwzMPxYkSs9m-2Frurb-2B9sLD2O4deuRT139C-2FPMHQ-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1bBbQV103wqaOFbYyx02u7GaO-2FxhL7i1C1tTbZh8vSrreZ6UyZi-2FupS-2FFt8KaBrs-2FCqh45M4duObNc2JC6-2FY7-2FNusZOianxkVzooIK9XLpNAsPzUMmoZSPyxXniub1QuH0a4uuxmo74jx-2BhFnaZhVZstoC2IaXtTX74sqSvesSsfvtUIqTib4Zbo2C0Lst148Cw7Oay3liRiBZN74KPsBLU-3D">According
to a report on Twitter</a>, an IoT humidifier
flooded a room due to an expired TLS certificate.
However, no details were provided about the vendor.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXMqdCOa8ommYB6-2FhKzqhldcmb6Y6G2z-2BWrdcQ9l-2FTVv0KpbPNabN3p7fraJLIuxUt4v-2B2x2YiTGd52E1khWOI-2B8xJUVGKZBL-2F9c1XmsXAO9-2F_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1eFlH4v1tUdxG4y4gWnetLFX9N5ztTaxjKE-2BcY4sSWJCAIKyZ1AZ9uF6oNAmyLqsTgNyzfOhU6IUcWA0m0Y1yuEiyTgY0RcVVckdbwpfrJTDQvNxLpsnXlqtQH6BCAUjIOmIS7eaop6zTO-2BAG94Z1-2BOS5bo5iZ6DFVLEBv9L7xn1XyoaDOn2KXrn8Ale2sFnW9Z2vdL5HCwLUYNiFn-2FMUok-3D">A
paper from SBA Research investigates faster
methods for Internet-wide TLS scanning.</a></li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=myJiOmFt5GHgS9XfiBqrbgctRrGhAHxJiB-2Bi-2Fonc-2FmhrQUzfhoGybq8RVVIWgvie7f30ydbI792QlqL85c-2FULw-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1Z066HQ-2Byo3dla1xzO7GaBsvRhxKxCw7JZor72YKFrwD-2FCAvTomMy3wtLlDmVFT6BwXGJvsLmieWkRvN7TIxJXUJOwKh-2FvsPnCfK4XUGtxNfkogqi1tgxhfld4HcbB4YQDtpPUD5v1LLBCSgo5S3AW9uPTZIURzt3ySmXxKxMsrf3hHOZTWseYI550pKvwDJqXLVQsxJLcce8iFRsyK3aJY-3D">TLS
1.3 draft 19</a> has been published.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=dhp-2FhXTuwZnABPAaiCIMNgfM-2BRk-2B23R6qZ2jJehEajOS7vT51POtRlKlZpXVzfpVZfMAgnXBKpYyTI04dnYBp6LLJZrCX4y-2BWgXaA2uq-2Bq0-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1ZSSNUo-2FkslM9zX6v6YWyAjZFA86mHpb9L4zKMMAtq3YfM8H69IA-2BcpNXesuWeDgwRDUjVyvu3Nj7Z6zfcDsYUUT83iay22Ggb4rsdd3M72ypLqJq2ctJB9xPzYm-2BL7lFueHcbYzSYkztGSldpfS5TgHJEu5n7dHh-2FiW9elqARYPFOJ1w0Q7sfA0ovd2-2BC2jeoLTXHYS1VJzzZunZeVIoiE-3D">Heroku
has added support for automatic TLS certificates
for all paid dynos</a> (Linux Containers).</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=Hwh8nn-2F5YAeqSRukXDHNdtUAMyfAiO6H-2FJdWtkdfP9kJGvgiy-2FKrdy40X4sbimjAbrJHZeBlEFxvxc14oo-2BHZA-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1bv1q4E2A1gQ6fb8KFk-2F5e7fJ-2B9tVVDnEjiUK1UqeXHE9tQaP6s3aX8MxsXaHa5DA6G5cCXNgumbdGhrVaxp9jPuTPKKZKF8J6iuhZOT2glQNmsl8djWnl5pF7yhG5XnisUVuilxazIgD2cqsqFTQgQNq7-2FwwEsoNS9Ke5USB3Qx58HjHgR-2BpyeW7DK7IuOD0riuo1Ec3xfR-2BKWTcKGYt-2FA-3D">Chrome
on Android now supports AIA</a>, a feature that
fetches missing intermediate certificates.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXDGsfWZzKVelmAxnRmgJnE-2Bau6aHUW08qpr7wErTbBF3F5RzkQXE5czd3eemW2bJ3uW5J-2FX-2FUbIk2OJRHyPP-2FEg-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1RrTcckP0q2h2ruJLWLy6olEE8l4QFoWYglUksg870CGjLugveZfe38DFmECcbQlHyoHNoFZ-2BqYPvbhypdN7jZZSqbERcs-2BoD-2BvF2OyrW7gDt37NW8XazuOStfiU9Z6eU-2Br7j5C2bGx3moUVg-2Fh8cfu7aOoc2sM0BWusHd5kItgy-2BjNpLtFWQ2OA47IyJ4eZgPL4VI0dcOWA4iWhDQLgRBI-3D">Andrew
Ayer has set up a tool to detect inconsistencies
in Certificate Transparency logs via the gossiping
feature.</a></li>
<li>A new research paper <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=fYxuIZgCn6axJ2NWlsZgcVShCdJwJRgiR-2BROx04sU13s213HRjog2rhKSfLTEsOg_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1bp5LPYwRSzp2cvWK6E5DQ2xoh7umcla32GD2PD9-2FZuEZ8idb8g8pTsb16Nv17u6He67SZTAyBkDHKEcXEcBcphZ1uRCCpKyttxixb-2BuGGjuGocPnw-2B8-2FxSDzBJbOpsj9GYXzUmr9SFrV23JKbLOEKRUTrA0FvGi06V9HuQq-2BQjuM0vzX8JSKDATQgPUOUVeatj5RYLfIGN8yYViuXEB5ew-3D">investigates
privacy problems in Certificate Transparency and
potential solutions</a>.</li>
<li>The <a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=Hwh8nn-2F5YAeqSRukXDHNdgllp9PDimxiKvJtE1sIWYZzelN-2BRVXXFur80xgO2zEED-2F-2FIcz0EO8oqBnQjvhSk-2BQ-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1SOIIAsYmzgza3VM9M6rwr30PS0EAA-2BtoHNu08TMzUv-2FFxKcv11lwR91m-2BqrWHQ8nhm17Okqan1ALKJSIsZYuK-2Bf-2Bs9YOL4iIotUzvFh8s4R-2BGgjbXrqd6Uiv8WXfeeAYZ9-2BAljKbdVVSHWo4wR0vlwo0gCyt3dzSMQPIXqB-2Fo-2FOE15S94y-2BPlfVGwYAu0PNsuTzej8gsUdrGQjtrrSHOkA-3D">use
of modern elliptic curve signatures (Ed25519,
Ed448) will soon be possible within X.509
certificates according to Rob Stradling from
Comodo</a>. An RFC will be published soon.</li>
<li>A research paper proposes a new mechanism for
certificate revocation in browsers: <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=jVO2N-2F3-2F1tZuoJM9NSjPkk0gesHdGJtiii611B6o-2BDRdzcBwQl-2FcWTGiDtIhbtsJ3PoS1TbL8Jk-2B4oWkmsPpi2zcLslsp7VdN28ECL-2BV-2BMU-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1ZwlQ5rqfGaynKOtrgvlnW1C7-2FOOQsY8Pv0XWtwTcliW7sZKtKXSrYOTfS0SbFOGx8SvYkE0k6hS5b0OSwtdOBCFQw-2BOB54rQ3t9Vy-2BtBwxMfnZigEzFK1gU83VrQOkWfPjOO6qokSbDWBacC2UZK3XLsjpc6lVlPEzUHWx8O4pUnj8KwVnJrTezpdcGqCpDw5fF8CWvCbHf0MER-2BwRoWIM-3D">CRLite</a>.</li>
<li>Guido Vranken writes about a <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=VURj-2BKynrsQHin2XqWOCxlSzCa56jHh5hLujBzxTqVojnxC38Gls8QH0Dx8PVBlAm1ZRtXuPpn3jrml3fxrB5JBc4eeqwXcV6GAxIlBVrR-2Bvs4-2BArV1xyDd03mHPwjCI_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1a2G-2BZgpyw4H4nDqe2UW6KNl-2BKyV-2BvxwoDDv3iABwk0WmBaCa4XT89kaymd-2Bjwn-2F-2BRUIudgRTWG4wubuUBAyzXtjMZPVbWnB2GgQleqir9wgd1AiNkGZj8PMQ6V7RaPpRpB-2Bd1keDtnXojEgJQQqsCU12-2BTujMzNAJ69-2F4WQSfNtf75-2FoLy0Oy478dlFuXBx6FKNagW-2FbkY852qRgjb04Fk-3D">subtle
and hard to spot memory corruption bug in OpenSSL</a>.</li>
<li>The web page fraudmarc provides a <a
moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXLA776CPeNPoTwkpdOFjThbk54buStfEHpduN-2BTqqqW3c6Zg6zJJWdkzaGcECKVeWg-3D-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1UhLqoB-2BP8ZxEi-2FBjMhencigEJWohLPNaWw8zhHIBd4PVv-2BdLJ-2FcDrZvu2NghGaB2rf5k15NiQV-2FW0VyNEW-2FtdcVvrK5eRhxZCadvq-2FLwQtaGi07vlxi7ORjJbe9mPKbxMKuc9ZTyBFFlevYnXYy23dvP3Zzk8pcyxQOTe6YidKbuufjDKNkxA2HljIZM-2BVvoqDNOi5T6I-2FDvq1XEIorO2U-3D">check
tool for MTA STS policies and records</a>. MTA STS
is a draft for a standard enabling authenticated TLS
connections between mail servers.</li>
<li><a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=xKzDZpO8efo8-2FWH8LXyydaFm7Ht1EgkhBAbzatDpFrM-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1fN8Hyz2n70MTUIv3-2BKpHlIY5wVtLM4uqfuWRlrwtER-2F6p78d-2Fti2TtCI3ADmd2wks62GPtRSI2m4AwxiS4D9vZqBnqISpaK5GlDUZxLUUV4gdtCxylrOPG2RfxY4yUyW9NTtZHcLBbg-2Bq5gtTUUi71cR64KAKL66nqPUJcgsdOf2SlVpyIVWxks1QxMJ5Ut0Oo6lD162aAETmU37EAkEVw-3D">snuck.me</a>
provides a check for TLS interception and locally
installed root certificates.</li>
</ul>
</td>
</tr>
<tr>
<td style="border-top: 1px solid #CCCCCC" align="center"
bgcolor="#FFFFFF">
<p><strong>© 2016-2017 Feisty Duck Ltd</strong></p>
<p>Registered address: 2nd Floor, 109 Uxbridge Road,
London W5 5TL, United Kingdom<br>
<a moz-do-not-send="true"
href="https://sg.feistyduck.com/wf/click?upn=P0QF-2FdKfzwSko7-2FGSbXeXCzXWkifVJHDncEFwYis9sQ-3D_tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1UXTL-2BdJSHHZ8r7W3L29K50NO7M-2FQ7iGJTS2-2BMh5aexttV6JxijBHRj51e6CGwKNKLXgcTgze5EHJXdOeFOuO4-2FN-2BXniYNFVGNnZKIcBnxC-2FJhtc-2FEkooNQf-2FQRATgXF3AEySK8ieI-2BD8OsZbsPNxjfbVTJT-2FUAoLQbxPfLeXYnaZZLgXJEmXYPDp0TDK5aFtlvJ1dP9a7IIvXsTaCyRJyQ-3D">www.feistyduck.com</a>
/ <a moz-do-not-send="true"
href="mailto:hello@feistyduck.com">hello@feistyduck.com</a></p>
</td>
</tr>
</tbody>
</table>
</div>
<img moz-do-not-send="true"
src="https://sg.feistyduck.com/wf/open?upn=tONh1HsRScM1DZBfvR9X25elhsl8elR-2FKcKm2wfQa4ePasvLRPKQ5D9Ae8S-2FedmpIkGf4-2BIO-2FyKz8ExebGDA6VjY4HkupY-2BuAzKZt9VtyCwwksFPHeMIaTg0Tae6eqvH1OFAHW8Gy8-2FrakBtvnylYwJXKw-2Fg7L-2BzWIHP42zqeLzFvi0T92R2cRhCgfvilKKG4gdtHMqU4-2FjnSxcVi69k1V8fEb6ul6ApnfE-2F-2BNYycB-2FTFDsMOShRLK5xsF89xvHL2v7FJ7rJ7Wq0TnUpsIJYlqpY0HurxyXBidoyoOdmgHqJygcokxchqpfRdWzDzQiU7pzhA9tGnMzVahJxFwzfWixY-2FrHDkxi28XokejbCUztf8MazbUXb8uV4s0z4ajsyo5-2FdwhcvkXC2WuBhPvs6gjq8XXQN8bcyB8EKGw4IC7I-3D"
alt="" style="height:1px !important;width:1px
!important;border-width:0 !important;margin-top:0
!important;margin-bottom:0 !important;margin-right:0
!important;margin-left:0 !important;padding-top:0
!important;padding-bottom:0 !important;padding-right:0
!important;padding-left:0 !important;" border="0" height="1"
width="1">
</div>
</body>
</html>