Extended Validation Certificates – The Introduction

In 2005, one of my first projects on the Internet Explorer team was improving the user-experience for HTTPS sites (“SSLUX”). Our first task was to change the certificate error experience from the confusing and misleading modal dialog box: … to something that more clearly conveyed the risk and which more clearly discouraged users from acceptingContinue reading “Extended Validation Certificates – The Introduction”

Authenticode and SHA1–Redux

I tried to install Telerik DevCraft Ultimate, but Windows 8.1 and Windows 10 blocked it: “Unknown Publisher”? Hrm. That’s weird. I know Telerik signs their code and I was pretty sure their code-signing certificate is SHA256, so the new restrictions on SHA1 in code-signing shouldn’t be a problem, right? Sure enough, the code is signed with a SHA256Continue reading “Authenticode and SHA1–Redux”

Automatically Evaluating Compressibility

Fiddler’s Transformer tab has long been a simple way to examine the use of HTTP compression of web assets, especially as new compression engines (like Zopfli) and compression formats (like Brotli) arose. However, the one-Session-at-a-time design of the Transformer tab means it is cumbersome to use to evaluate the compressibility of an entire page orContinue reading “Automatically Evaluating Compressibility”