Introducing CloudFlare Origin CA
Free and performant encryption to the origin for CloudFlare customers
In the fall of 2014 CloudFlare launched Universal SSL and doubled the number of sites on the Internet accessible via HTTPS. In just a few days we issued certificates protecting millions of our customers’ domains and became the easiest way to secure your website with SSL/TLS.
At the time, we "strongly recommend[ed] that site owners install a certificate on their web servers so we can encrypt traffic to the origin." This recommendation was followed by a blog post describing two readily-available options for doing so—creating a self-signed certificate and purchasing a publicly trusted certificate—and a third, still-in-beta option: using our private CA. Even though out-of-pocket costs of acquiring public CA certificates have since fallen to $0 since that post, we have continued to receive requests from our customers for an even easier (and more performant) option.
Operating a public certificate authority is difficult because you don't directly control either endpoint of the HTTPS connection (browser or web server). As a result, public CAs are limited both in their ability to issue certificates optimized for inter-server communication, as well as in their ability to revoke certificates if they are compromised. Continue reading
Cloud Orchestration: 8 Benefits
Find out how cloud orchestration tools can help streamline deployment and management of your cloud resources.
Response: Are Open-Source Controllers Ready for Carrier-Grade Services?
My beloved source of meaningless marketing messages led me to a blog post with a catchy headline: are open-source SDN controllers ready for carrier-grade services?
It turned out the whole thing was a simple marketing gig for Ixia testers, but supposedly “the response of the attendees of an SDN event was overwhelming”, which worries me… or makes me happy, because it’s easy to see plenty of fix-and-redesign work in the future.
Read more ...Overheard At Interop, Day 1
Observations and highlights from the first day of Interop Las Vegas 2016.
Satoshi: how Craig Wright’s deception worked
My previous post shows how anybody can verify Satoshi using a GUI. In this post, I'll do the same, with command-line tools (openssl). It's just a simple application of crypto (hashes, public-keys) to the problem.I go through this step-by-step discussion in order to demonstrate Craig Wright's scam. Dan Kaminsky's post and the redditors comes to the same point through a different sequence, but I think my way is clearer.
Step #1: the Bitcoin address
We know certain Bitcoin addresses correspond to Satoshi Nakamoto him/her self. For the sake of discussion, we'll use the address 15fszyyM95UANiEeVa4H5L6va7Z7UFZCYP. It's actually my address, but we'll pretend it's Satoshi's. In this post, I'm going to prove that this address belongs to me.
The address isn't the public-key, as you'd expect, but the hash of the public-key. Hashes are a lot shorter, and easier to pass around. We only pull out the public-key when we need to do a transaction. The hashing algorithm is explained on this website [http://gobittest.appspot.com/Address]. It's basically base58(ripemd(sha256(public-key)).
Step #2: You get the public-key
Hashes are one-way, so given a Bitcoin address, we can't immediately convert it into a public-key. Instead, we have to look it Continue reading
CiscoLive 2016: ‘Summer Camp for Geeks’
The other day I was talking with a friend about my summer plans. As we were talking about July….. my face apparently lit up and my voice got all excited and happy when I mentioned CiscoLive.
“What exactly is CiscoLive?” she asked.
I answered, “CiscoLive is my absolute favorite work week of the entire year. Has been since my first one back in 2006.”
“What do you like so much about it?” she asked. ……
My answer to her? 
“It’s like a week long Summer Camp for Geeks”
Why I Love Cisco Live US
- Learning & Sharing Knowledge
- Breakouts, Technical Seminars, and Labs
- Meet the Expert
- Lunch and Learn (Formerly Table Topics)
- Social Media Fun
Learning & Sharing Knowledge
Learning… learning… learning ….. learning. I just love learning! For me… learning from others and passing that on is one of my passions in life.
And WOW is there knowledge to learn at CiscoLive!
Of course, I have never been to a CiscoLive as a non Cisco employee. Nor have I ever gone and not been a speaker. So, for me, CiscoLive has always involved me prioritizing technical knowledge sharing/teaching with CiscoLive Continue reading
Satoshi: That’s not how any of this works
In this WIRED article, Gaven Andresen says why he believes Craig Wright's claim to be Satoshi Nakamoto:“It’s certainly possible I was bamboozled,” Andresen says. “I could spin stories of how they hacked the hotel Wi-fi so that the insecure connection gave us a bad version of the software. But that just seems incredibly unlikely. It seems the simpler explanation is that this person is Satoshi.”That's not how this works. That's not how any of this works.
The entire point of Bitcoin is that it's decentralized. We don't need to take Andresen's word for it. We don't need to take anybody's word for it. Nobody needs to fly to London and check it out on a private computer. Instead, you can just send somebody the signature, and they can verify it themselves. That the story was embargoed means nothing -- either way, Andresen was constrained by an NDA. Since they didn't do it the correct way, and were doing it the roundabout way, the simpler explanation is that he was being bamboozled.
Below is an example of this, using the Electrum Bitcoin wallet software:
This proves that the owner of the Bitcoin Address has signed the Message Continue reading