David Adrian
@dadrian.io
Used to do TLS, still kind of do TLS. PM at Chrome Security. Founded Censys. @scwpod.bsky.social
Reposted by David Adrian
Wonderful news! The kind of thing a lot of software folks across the world have been working to make possible. So stoked the Chrome folks are pushing us forward
One year from now, Chrome will enable "Always Use Secure Connections" and warn users before plaintext HTTP by default.
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...
security.googleblog.com
October 28, 2025 at 7:59 PM
Wonderful news! The kind of thing a lot of software folks across the world have been working to make possible. So stoked the Chrome folks are pushing us forward
Reposted by David Adrian
It's time to make HTTPS the web's default, and reap the full security benefit from years worth of HTTPS adoption!
security.googleblog.com/2025/10/http...
security.googleblog.com/2025/10/http...
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...
security.googleblog.com
October 28, 2025 at 5:17 PM
It's time to make HTTPS the web's default, and reap the full security benefit from years worth of HTTPS adoption!
security.googleblog.com/2025/10/http...
security.googleblog.com/2025/10/http...
One year from now, Chrome will enable "Always Use Secure Connections" and warn users before plaintext HTTP by default.
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...
security.googleblog.com
October 28, 2025 at 5:27 PM
One year from now, Chrome will enable "Always Use Secure Connections" and warn users before plaintext HTTP by default.
Iowa-Rutgers hitting the over? Trump ruined the B1G West.
September 20, 2025 at 3:12 AM
Iowa-Rutgers hitting the over? Trump ruined the B1G West.
New post! Stop trying to solve revocation, we already have the answer. dadrian.io/blog/posts/r...
Revocation ain't no thang.
Adam Langley wrote about how revocation in the Web PKI doesn’t work over 10 years ago. Since then, the Web PKI has drastically changed for the better, despite not appearing to “solve” revocation. Unfo...
dadrian.io
September 11, 2025 at 12:16 AM
New post! Stop trying to solve revocation, we already have the answer. dadrian.io/blog/posts/r...
Kirk Herbstreit is going to be the first person to make a Golden Retriever unlikable.
September 6, 2025 at 3:39 PM
Kirk Herbstreit is going to be the first person to make a Golden Retriever unlikable.
Reposted by David Adrian
The bigger issue? Microsoft’s root program still trusts this CA, leaving Edge and Windows users exposed in ways Chrome, Firefox, and Safari users aren’t.
The pattern is familiar: long-lived trust, weak oversight, systemic risk. It’s time for Microsoft to step up and fund proper root governance.
👇
The pattern is familiar: long-lived trust, weak oversight, systemic risk. It’s time for Microsoft to step up and fund proper root governance.
👇
Another Sleeping Giant: Microsoft’s Root Program and the 1.1.1.1 Certificate Slip | UNMITIGATED RISK
unmitigatedrisk.com
September 3, 2025 at 10:23 PM
The bigger issue? Microsoft’s root program still trusts this CA, leaving Edge and Windows users exposed in ways Chrome, Firefox, and Safari users aren’t.
The pattern is familiar: long-lived trust, weak oversight, systemic risk. It’s time for Microsoft to step up and fund proper root governance.
👇
The pattern is familiar: long-lived trust, weak oversight, systemic risk. It’s time for Microsoft to step up and fund proper root governance.
👇
If you look closely, you can see UNC’s quarterback is not Tom Brady
September 2, 2025 at 1:56 AM
If you look closely, you can see UNC’s quarterback is not Tom Brady
Reposted by David Adrian
This game has me feeling like I'm watching Iowa play Iowa.
August 30, 2025 at 4:49 PM
This game has me feeling like I'm watching Iowa play Iowa.
Sent this to a girl in California and pretty sure she thinks it’s in another language
August 29, 2025 at 1:08 AM
Sent this to a girl in California and pretty sure she thinks it’s in another language
Come for the PGP dunks, stay for the broader discussion of why encrypted email doesn’t make sense
NEW EPISODE!
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
Stop Using Encrypted Email with William Woodruff
YouTube video by Security Cryptography Whatever
www.youtube.com
August 23, 2025 at 3:08 AM
Come for the PGP dunks, stay for the broader discussion of why encrypted email doesn’t make sense
Reposted by David Adrian
The first part of this interview with my ex-colleague Alex is a great listen if you're a software engineer (or otherwise technical) and are interested in what we were working on as technologists at the Federal Trade Commission.
NEW EPISODE!
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
Alex Gaynor
YouTube video by Security Cryptography Whatever
youtu.be
August 17, 2025 at 4:03 PM
The first part of this interview with my ex-colleague Alex is a great listen if you're a software engineer (or otherwise technical) and are interested in what we were working on as technologists at the Federal Trade Commission.
Reposted by David Adrian
NEW EPISODE!
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
Stop Using Encrypted Email with William Woodruff
YouTube video by Security Cryptography Whatever
www.youtube.com
August 23, 2025 at 3:01 AM
NEW EPISODE!
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
Reposted by David Adrian
NEW EPISODE!
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
Alex Gaynor
YouTube video by Security Cryptography Whatever
youtu.be
August 16, 2025 at 10:29 PM
NEW EPISODE!
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
And then there’s David.
There are PMs who are useless. And then there are PMs:
August 13, 2025 at 12:40 AM
And then there’s David.
Reposted by David Adrian
New episode! Come to SCWPodCon, sponsored by Teleport! www.youtube.com/watch?v=tbnh...
Vegas, Baby!
YouTube video by Security Cryptography Whatever
www.youtube.com
July 29, 2025 at 12:59 PM
New episode! Come to SCWPodCon, sponsored by Teleport! www.youtube.com/watch?v=tbnh...
Reposted by David Adrian
Reposted by David Adrian
This Quantum Attack Is Live Now
YouTube video by Deirdre Connolly
www.youtube.com
July 16, 2025 at 5:57 PM
Just posted a deep dive on how Chrome integrates with Advanced Protection Mode on Android. security.googleblog.com/2025/07/adva...
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection , which extend...
security.googleblog.com
July 8, 2025 at 6:57 PM
Just posted a deep dive on how Chrome integrates with Advanced Protection Mode on Android. security.googleblog.com/2025/07/adva...
Wrote some words about memory safety and JITs. Basically, there are things we want out of hardware, but it's not MTE and it still involves migrating to memory safe languages
dadrian.io/blog/posts/m...
dadrian.io/blog/posts/m...
Sandboxes? In my process? It's more likely than you think.
Discussions around memory safety often focus on choice of language, and how the language can provide memory safety guarantees. Unfortunately, choosing a language is a decision made at the start of a p...
dadrian.io
July 6, 2025 at 3:58 PM
Wrote some words about memory safety and JITs. Basically, there are things we want out of hardware, but it's not MTE and it still involves migrating to memory safe languages
dadrian.io/blog/posts/m...
dadrian.io/blog/posts/m...
Reposted by David Adrian
We’re not yet sure exactly what quantum computing can do yet, and that’s exactly why we need to think about post-quantum cryptography now, @durumcrustulum.com tells EFF’s Cindy Cohn and @thejasonkelley.com on the new episode of “How to Fix the Internet."
Podcast Episode: Cryptography Makes a Post-Quantum Leap
The cryptography that protects our privacy and security online relies on the fact that even the strongest computers will take essentially forever to do certain tasks, like factoring prime numbers and ...
www.eff.org
July 3, 2025 at 2:29 PM
We’re not yet sure exactly what quantum computing can do yet, and that’s exactly why we need to think about post-quantum cryptography now, @durumcrustulum.com tells EFF’s Cindy Cohn and @thejasonkelley.com on the new episode of “How to Fix the Internet."
Guide for #a2council to just do things—
Step 1: Ask @sstrudeau.bsky.social and @akgood.bsky.social what rules to get rid of.
Step 2. Get rid of those rules.
Step 1: Ask @sstrudeau.bsky.social and @akgood.bsky.social what rules to get rid of.
Step 2. Get rid of those rules.
If #a2council would have just done things, instead of wasting time with an expensive and useless comprehensive land use plan, then John U. Bacon wouldn’t be able to post boomer misinformation about it.
June 26, 2025 at 5:29 PM
Guide for #a2council to just do things—
Step 1: Ask @sstrudeau.bsky.social and @akgood.bsky.social what rules to get rid of.
Step 2. Get rid of those rules.
Step 1: Ask @sstrudeau.bsky.social and @akgood.bsky.social what rules to get rid of.
Step 2. Get rid of those rules.
If #a2council would have just done things, instead of wasting time with an expensive and useless comprehensive land use plan, then John U. Bacon wouldn’t be able to post boomer misinformation about it.
June 26, 2025 at 1:33 PM
If #a2council would have just done things, instead of wasting time with an expensive and useless comprehensive land use plan, then John U. Bacon wouldn’t be able to post boomer misinformation about it.
Reposted by David Adrian
Still have one more slot for a sponsor for our annual Vegas event, poke @dadrian.io if you have money.
June 8, 2025 at 10:02 PM
Still have one more slot for a sponsor for our annual Vegas event, poke @dadrian.io if you have money.