David Adrian's Avatar

David Adrian

@dadrian.io

Used to do TLS, still kind of do TLS. PM at Chrome Security. Founded Censys. @scwpod.bsky.social

565
Followers 96
Following 234
Posts 13.04.2023
Joined
Posts Following

Latest posts by David Adrian @dadrian.io

Cultivating a robust and efficient quantum-safe HTTPS Posted by Chrome Secure Web and Networking Team Today we're announcing a new program in Chrome to make HTTPS certificates secure against ...

new Merkle Tree Cert only Chrome Quantum Root Store:

security.googleblog.com/2026/02/cult...

27.02.2026 19:27 πŸ‘ 8 πŸ” 3 πŸ’¬ 0 πŸ“Œ 1

None of you are giving me enough credit for not participating on the TLS working group mailing list. You're welcome. Everything I don't do, I don't do it for you.

28.02.2026 02:26 πŸ‘ 24 πŸ” 2 πŸ’¬ 2 πŸ“Œ 0

Who up losing they minds on this site?

18.02.2026 15:00 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
bugs bunny is making a funny face with his mouth open and the words `` no '' written below him . ALT: bugs bunny is making a funny face with his mouth open and the words `` no '' written below him .
08.02.2026 20:25 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor
Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor YouTube video by Security Cryptography Whatever

NEW EPISODE!

The maintainers of py/cryptography declared that after many years of trying to make it work, they would be moving away from OpenSSL when supporting new functionality and exploring adding other backends:

securitycryptographywhatever.com/2026/02/01/p...
www.youtube.com/watch?v=dEKB...

02.02.2026 04:52 πŸ‘ 19 πŸ” 5 πŸ’¬ 5 πŸ“Œ 2

Thinking about Curt Cignetti.

23.01.2026 17:39 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

I cannot get over how impressive it is what Curt Cignetti accomplished at Indiana

21.01.2026 05:38 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
bugs bunny is making a funny face with his mouth open and the words `` no '' written below him . ALT: bugs bunny is making a funny face with his mouth open and the words `` no '' written below him .
20.01.2026 01:07 πŸ‘ 2 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Indiana shall light this holy ring, release its cleansing flame, and burn a path into the divine beyond!

20.01.2026 01:02 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
6-day and IP Address Certificates are Generally Available Short-lived and IP address certificates are now generally available from Let’s Encrypt. These certificates are valid for 160 hours, just over six days. In order to get a short-lived certificate subscr...

This is what zero-trust looks like at the infrastructure layer. Identity and encryption match the lifetime of the thing being secured.

If your certificate strategy still assumes stable names and year-long validity, it is already behind reality.

letsencrypt.org/2026/01/15/6...

16.01.2026 16:26 πŸ‘ 3 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Stop inventorying keys. If you have a reason to migrate to post-quantum cryptography (PQC), you should not be inventorying keys for the purpose of migration, and you should stop listening to anyone who suggests that you do s...

dadrian.io/blog/posts/s...

12.01.2026 02:24 πŸ‘ 5 πŸ” 2 πŸ’¬ 0 πŸ“Œ 2
12.01.2026 02:34 πŸ‘ 10 πŸ” 4 πŸ’¬ 0 πŸ“Œ 1

repent! for the day of sixteen windiana shall be upon us!

10.01.2026 03:24 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 1

Final SCW of 2025! We had Matt Bernhard on to talk about cryptographic voting systems, in the wake of the IACR election. (Everybody I voted for in the new election won! Woo!)

31.12.2025 05:10 πŸ‘ 9 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0
A selfie of Joe Hall, a smiling man with a salt-and-pepper beard and glasses, standing in front of a brightly lit Christmas tree. He is wearing a black t-shirt with the text "Security. Cryptography. Whatever." in blue lettering, representing the SCW Podcast. The tree is decorated with colorful ornaments and topped with a glowing gold star.

A selfie of Joe Hall, a smiling man with a salt-and-pepper beard and glasses, standing in front of a brightly lit Christmas tree. He is wearing a black t-shirt with the text "Security. Cryptography. Whatever." in blue lettering, representing the SCW Podcast. The tree is decorated with colorful ornaments and topped with a glowing gold star.

What a fantastic present to end the year! (swear I woke up like this) @mbernhard.com @durumcrustulum.com @sockpuppet.org @dadrian.io @scwpod.bsky.social

31.12.2025 14:38 πŸ‘ 7 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0

The RESF is actively harmful to adopting Rust in real projects

26.12.2025 20:21 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

This Bernstein crap drives me up the wall because IT MAKES NO SENSE.

Why would the NSA be picking weak crypto to protect US NatSec?!

They have mathematicians and clusters in China, too!

Dual_EC_DRBG was a NOBUS backdoor. There is NOWHERE to hide a NOBUS backdoor in ML-KEM.

24.11.2025 21:27 πŸ‘ 64 πŸ” 7 πŸ’¬ 7 πŸ“Œ 0

The John U Bacon special

09.11.2025 02:24 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Wonderful news! The kind of thing a lot of software folks across the world have been working to make possible. So stoked the Chrome folks are pushing us forward

28.10.2025 19:59 πŸ‘ 5 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
HTTPS by default One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable β€œAlways Use Secu...

It's time to make HTTPS the web's default, and reap the full security benefit from years worth of HTTPS adoption!
security.googleblog.com/2025/10/http...

28.10.2025 17:17 πŸ‘ 91 πŸ” 27 πŸ’¬ 3 πŸ“Œ 6
Preview
HTTPS by default One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable β€œAlways Use Secu...

One year from now, Chrome will enable "Always Use Secure Connections" and warn users before plaintext HTTP by default.

28.10.2025 17:27 πŸ‘ 16 πŸ” 8 πŸ’¬ 0 πŸ“Œ 1

Iowa-Rutgers hitting the over? Trump ruined the B1G West.

20.09.2025 03:12 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
Revocation ain't no thang. Adam Langley wrote about how revocation in the Web PKI doesn’t work over 10 years ago. Since then, the Web PKI has drastically changed for the better, despite not appearing to β€œsolve” revocation. Unfo...

New post! Stop trying to solve revocation, we already have the answer. dadrian.io/blog/posts/r...

11.09.2025 00:16 πŸ‘ 4 πŸ” 1 πŸ’¬ 0 πŸ“Œ 2

Kirk Herbstreit is going to be the first person to make a Golden Retriever unlikable.

06.09.2025 15:39 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Another Sleeping Giant: Microsoft’s Root Program and the 1.1.1.1 Certificate Slip | UNMITIGATED RISK

The bigger issue? Microsoft’s root program still trusts this CA, leaving Edge and Windows users exposed in ways Chrome, Firefox, and Safari users aren’t.

The pattern is familiar: long-lived trust, weak oversight, systemic risk. It’s time for Microsoft to step up and fund proper root governance.

πŸ‘‡

03.09.2025 22:23 πŸ‘ 3 πŸ” 1 πŸ’¬ 2 πŸ“Œ 0

Tell Holly and her mom I say hi

02.09.2025 02:13 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

If you look closely, you can see UNC’s quarterback is not Tom Brady

02.09.2025 01:55 πŸ‘ 3 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0

This game has me feeling like I'm watching Iowa play Iowa.

30.08.2025 16:49 πŸ‘ 2 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

Lincoln is a great town to watch a football game in!

29.08.2025 19:53 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

I’ve never had a runza, but I have had a pasty which seems close enough.

29.08.2025 02:27 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0