A history of encrypting the TLS server name, from the 2018 ESNI experiment, and why it failed, to the ECH design that encrypts the whole inner ClientHello with HPKE, finished as RFC 9849 in 2026.
How blue teams use TLS fingerprints to catch malware command-and-control: JA3/JA3S, JARM and JA4+, the Cobalt Strike default signatures, and what Chrome's ClientHello randomization broke.
Traces the lineage of transport encryption from Netscape's SSL 2.0 through TLS 1.0-1.2 to RFC 8446, told through the attacks that forced each revision: BEAST, CRIME, POODLE, Heartbleed, FREAK, and Logjam.
Traces the certificate authority from X.509's 1988 origins and the VeriSign oligopoly through the breaches that broke the trust model — Comodo, DigiNotar, TURKTRUST, Symantec — to Certificate Transparency and the CA/Browser Forum.
A timeline of TLS-client fingerprinting: the p0f-era SSL patches, Lee Brotherston's FingerprinTLS, Salesforce's JA3 and JARM, Cisco's destination-context work, and FoxIO's JA4+ suite.
Traces Let's Encrypt from the 2013 founding of ISRG and the ACME protocol through the 2016 launch, the march to a majority-HTTPS web, and the 2024-2026 move from OCSP to CRLs and short-lived certificates.