re: CAA Mandated by CA/Browser Forum

Why do they make the web/browser so complicated?
I know that CA is a multi-$$$$ business, and no one wants to give it up.

It would be easier to give the security to the domain owner or the domain registrar.
So the browsers don’t have to be setting rules for how the net should work, nor does anyone else.
– I have software that uses OpenSSL and generates a (RSA/EC/etc.) key pair (private & public).
– The software saves the private key and does not display it; it stores it in hardware or software.
– The software displays the public key and saves it to a file, public.key.
– The domain owner creates a HPKP DNS record with the public key.
– Then the software is used to create a certificate with the private key, but only for the domains with the public key in the DNS record.

Then all the browser has to do is a DNS lookup on the website’s domain name for the public key to decode the certificate. The browser will then open an encrypted cache file and save the website’s domain name, a hash of the certificate and a hash of the public key, with a time-to-live value of 3 hrs (so as to check if the public key has changed).
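
The browser-side check described above, sketched as an added example (not code from the original post): compare the presented certificate's public key with the one published in DNS, and cache the certificate and key hashes for 3 hours. The `KeyCache` class, the `dns_lookup` stub and the status strings are assumptions, and byte strings stand in for real keys and certificates, so no X.509 parsing is done.

```python
import hashlib
import time

TTL_SECONDS = 3 * 60 * 60  # the 3-hour time to live from the text

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class KeyCache:
    """Browser-side cache: domain -> certificate hash, public key hash, expiry."""

    def __init__(self, dns_lookup, clock=time.time):
        self._dns_lookup = dns_lookup  # assumed resolver stub: domain -> key bytes or None
        self._clock = clock
        self._entries = {}

    def check(self, domain: str, cert: bytes, cert_pubkey: bytes) -> str:
        now = self._clock()
        cert_hash, key_hash = sha256_hex(cert), sha256_hex(cert_pubkey)
        entry = self._entries.get(domain)
        if entry and entry["expires"] > now:
            if (entry["cert"], entry["key"]) == (cert_hash, key_hash):
                return "ok-cached"  # same certificate and key, entry still fresh
        # Expired, unknown, or different from the cached pair: ask DNS again.
        published = self._dns_lookup(domain)
        if published is None:
            self._entries.pop(domain, None)
            return "reject-no-record"
        if sha256_hex(published) != key_hash:
            return "reject-key-mismatch"  # keep any earlier good entry untouched
        changed = entry is not None and entry["key"] != key_hash
        self._entries[domain] = {"cert": cert_hash, "key": key_hash,
                                 "expires": now + TTL_SECONDS}
        return "ok-key-changed" if changed else "ok-dns"

if __name__ == "__main__":
    # Constructed sample data: byte strings stand in for real keys and certificates.
    dns = {"example.test": b"constructed-public-key-A"}
    cache = KeyCache(dns.get)
    print(cache.check("example.test", b"constructed-cert-1", b"constructed-public-key-A"))
    print(cache.check("example.test", b"constructed-cert-1", b"constructed-public-key-A"))
    print(cache.check("example.test", b"constructed-cert-X", b"some-other-key"))
```

The result is only as trustworthy as the DNS answer, so a real lookup would need to be authenticated, for example with DNSSEC.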

re: On-Prem is Dead. Long Live On-Prem!


Has anyone seen any report of businesses moving to the cloud, then having to move back to on-prem after a while?

1. What is going to happen to Windows 10? E.g., you buy a business laptop (say $1,100), it comes with Windows 10 Pro, and you use that laptop for 5 to 6 years; when will you stop updating? How will MS make any money from you in those 5-6 years?

(Yes, I have a 10-year-old laptop with Windows XP SP3 running fine. Gotta love those recovery discs.)

2. The same problem applies to the Office you buy in the store/online shop.

The only way MS can suck money out of you is to change to software as a service. If you don’t pay, you don’t get service.

– The Office solution is called Office 365. Once you start you can’t stop. I have not read any article or blog that hints that any user has ever closed their account.

– What is the Windows solution called?

3. The same goes for Citrix: if on-prem customers are happy, why would they upgrade? No upgrade means no money for Citrix.

– But with an “as a service” bill, money will come if they need the service, that is.

Microsoft Certificate Authority for XenApp, XenDesktop, XenMobile and NetScaler — Ask the Architect

My lab is very XenApp and XenDesktop focused, but I need to expand the functionality to include secure access with NetScaler Gateway and incorporate mobile device management/mobile app management (MDM/MAM) with XenMobile. From what I understand, in order to do this, I really need to install certificates. D’oh! Every time I have to deal with […]

via Microsoft Certificate Authority for XenApp, XenDesktop, XenMobile and NetScaler — Ask the Architect