Matthew McPherrin

419 Followers
309 Following
348 Posts
SRE at Let's Encrypt, though these toots are my own.
new tech warcrime

ppl always complain that the clock on my microwave never shows the right time bcs i cant be assed to set it manually

so now i have an unfuck-microwave.sh cronjob which briefly kills its power every day at midnight
It looks like some of this data is incorrect due to a Firefox bug, which I've filed as https://bugzilla.mozilla.org/show_bug.cgi?id=1972339
1972339 - cert.validation_success_by_ca bin collision between CAs and unknown entries in RootCertificateTelemetryUtils.h


Firefox's telemetry has data on how many times a CA is used to successfully validate certificates. This is a pretty good measure for how "big" a CA is. The data is hard to view in Mozilla's site, so I've made a script to combine a few data sources and graph it! https://github.com/mcpherrinm/cert-count

Inspired by the classic xeyes program, I made a thing:

ssh teyes.fly.dev

Or go install github.com/mcpherrinm/teyes@latest && teyes

Give your mouse a wiggle over the terminal!

I'll be speaking at the Ontario Cryptography Day!

https://ontario-crypto-day.github.io/

Where: University of Waterloo Davis Centre (DC) 1301 and 1302
When: Friday, June 6, 2025, from 10am to approx. 4:30pm

I hope anyone in the area interested in cryptography is able to attend. It's a free event, but registration is required.

Of all the things I didn’t expect to ever happen, iOS Safari actually got a certificate viewer in 18.4! https://webkit.org/blog/16574/webkit-features-in-safari-18-4/#connection-security
We've issued our first short-lived (6 day) certificate! https://letsencrypt.org/2025/02/20/first-short-lived-cert-issued/
We Issued Our First Six Day Cert

Earlier this year we announced our intention to introduce short-lived certificates with lifetimes of six days as an option for our subscribers. Yesterday we issued our first short-lived certificate. You can see the certificate at the bottom of our post, or here thanks to Certificate Transparency logs. We issued it to ourselves and then immediately revoked it so we can observe the certificate’s whole lifecycle. This is the first step towards making short-lived certificates available to all subscribers.

Chrome has published version 1.6 of their root store policy.

Notably, this contains a timeline for deprecating use of the TLS Client Auth extended-key-usage inside the PKIs included in their program.
If you currently use TLS Client Auth from a publicly trusted CA, you may need to take action.

> ... certificates issued on or after June 15, 2026 MUST include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.

https://www.chromium.org/Home/chromium-security/root-ca-policy/#32-promote-use-of-dedicated-tls-server-authentication-pki-hierarchies

Chrome Root Program Policy, Version 1.6
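The requirement quoted above is easy to check mechanically, and anyone still relying on client-auth certificates from a public CA will want such a check in their inventory tooling. The following Go program is an added example written for this page (it is not Chrome's, Let's Encrypt's or the author's code): it parses a certificate with the standard crypto/x509 package, reports whether the extendedKeyUsage extension is present and asserts only id-kp-serverAuth, and gates the verdict on the June 15, 2026 issuance date quoted from the policy. It also reports the validity period in days, which ties in with the six-day certificate post above. The self-signed certificates it generates are constructed test data, and the function names (`CheckServerAuthEKU`, `MakeTestCert`, `LifetimeDays`) are mine.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// policyCutoff is the date quoted from Chrome Root Program Policy 1.6: certificates
// issued on or after it must carry an EKU extension asserting only id-kp-serverAuth.
var policyCutoff = time.Date(2026, time.June, 15, 0, 0, 0, 0, time.UTC)

// oidExtKeyUsage is id-ce-extKeyUsage (RFC 5280, section 4.2.1.12).
var oidExtKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 37}

// EKUReport records how one certificate fares against the quoted requirement.
type EKUReport struct {
	SubjectToPolicy bool     // NotBefore is on or after policyCutoff
	HasEKU          bool     // the extendedKeyUsage extension is present at all
	OnlyServerAuth  bool     // id-kp-serverAuth is the only purpose asserted
	Extra           []string // any other purposes found, for reporting
}

// Compliant is true when the certificate predates the policy or satisfies it.
func (r EKUReport) Compliant() bool {
	return !r.SubjectToPolicy || (r.HasEKU && r.OnlyServerAuth)
}

// ekuName renders the purposes relevant here; anything else is shown numerically.
func ekuName(e x509.ExtKeyUsage) string {
	switch e {
	case x509.ExtKeyUsageServerAuth:
		return "id-kp-serverAuth"
	case x509.ExtKeyUsageClientAuth:
		return "id-kp-clientAuth"
	case x509.ExtKeyUsageAny:
		return "anyExtendedKeyUsage"
	}
	return fmt.Sprintf("ExtKeyUsage(%d)", int(e))
}

// CheckServerAuthEKU inspects a parsed certificate against the quoted requirement.
func CheckServerAuthEKU(cert *x509.Certificate) EKUReport {
	r := EKUReport{SubjectToPolicy: !cert.NotBefore.Before(policyCutoff)}
	for _, ext := range cert.Extensions { // presence is judged on the raw extension, not Go's decoded list
		if ext.Id.Equal(oidExtKeyUsage) {
			r.HasEKU = true
		}
	}
	sawServerAuth := false
	for _, eku := range cert.ExtKeyUsage {
		if eku == x509.ExtKeyUsageServerAuth {
			sawServerAuth = true
			continue
		}
		r.Extra = append(r.Extra, ekuName(eku))
	}
	for _, oid := range cert.UnknownExtKeyUsage { // purposes crypto/x509 does not know by name
		r.Extra = append(r.Extra, oid.String())
	}
	r.OnlyServerAuth = r.HasEKU && sawServerAuth && len(r.Extra) == 0
	return r
}

// LifetimeDays returns the validity period in days (a six-day cert reports 6).
func LifetimeDays(cert *x509.Certificate) float64 {
	return cert.NotAfter.Sub(cert.NotBefore).Hours() / 24
}

// MakeTestCert builds a self-signed leaf as constructed test input; it is not a CA-issued cert.
// A nil or empty ekus slice means no extendedKeyUsage extension is emitted at all.
func MakeTestCert(notBefore time.Time, lifetime time.Duration, ekus []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  ekus,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	issued := policyCutoff.Add(24 * time.Hour) // one day after the cutoff, so the policy applies
	cases := map[string][]x509.ExtKeyUsage{
		"serverAuth only":         {x509.ExtKeyUsageServerAuth},
		"serverAuth + clientAuth": {x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		"no EKU extension":        nil,
	}
	for name, ekus := range cases {
		cert, err := MakeTestCert(issued, 6*24*time.Hour, ekus)
		if err != nil {
			panic(err)
		}
		r := CheckServerAuthEKU(cert)
		fmt.Printf("%-24s lifetime=%.0fd compliant=%v extra=%v\n", name, LifetimeDays(cert), r.Compliant(), r.Extra)
	}
}
```

To run it against a real certificate, replace the `MakeTestCert` call with `x509.ParseCertificate` on the DER bytes of the leaf you exported (or pulled from a Certificate Transparency log) and feed the result to `CheckServerAuthEKU`. Presence of the extension is judged on the raw `Extensions` list rather than on the decoded `ExtKeyUsage` slice, so a certificate carrying only purposes Go does not recognise still counts as having an EKU and is flagged through `UnknownExtKeyUsage`.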

Congratulations to the Firefox team for shipping CT enforcement!

> Starting in Firefox 135, Certificate Transparency is now enforced on all desktop platforms.

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/OagRKpVirsA/m/Q4c89XG-EAAJ

Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135

I'm speaking at #SREcon in Santa Clara this March! Come learn how Let's Encrypt issues millions of certificates with just a handful of staff and servers! https://www.usenix.org/conference/srecon25americas/presentation/mcpherrin
Improving the SRE Experience for 10 Years as a Free, Open, and Automated Certificate Authority | USENIX