Salvatore (Sal) D'Agostino’s Post

“The credential doesn’t get issued to the wallet it gets issued to the holder. The holder can store it anyway they want. Of course we’d prefer a privacy enhancing approach with certification. The holder needs to choose or we’ll have wallet based silos.” Very interesting comment from Pramod Varma of EkStep Foundation regarding choice and full user-centric design. #EIC2024

🌟 Ever wondered how top level domains work? 🤔 Let's break it down for you! #TLD #domains 1️⃣ Top Level Domains (TLDs) are the highest level in the Domain Name System hierarchy. 2️⃣ TLDs are divided into two main categories: generic TLDs (gTLDs) and country code TLDs (ccTLDs). 3️⃣ Examples of gTLDs include .com, .org, .net, and .info, while ccTLDs are specific to countries (e.g. .uk for United Kingdom, .jp for Japan). 4️⃣ The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for managing TLDs and ensuring they operate smoothly. 5️⃣ Registering a domain under a TLD typically involves going through a domain registrar that is accredited by ICANN. 6️⃣ Some TLDs have specific registration requirements, such as verifying your eligibility to use a ccTLD. 7️⃣ New TLDs, such as .tech, .guru, and .design, have been introduced in recent years to provide more options for domain names. 8️⃣ TLDs play a crucial role in identifying websites and helping users navigate the vastness of the internet. Understanding how TLDs work can help you make informed decisions when choosing a domain for your website or online presence. 🌍💻 #domainname #internet101 #techknowledge

This is a login page that includes fields for entering the username and password. It also features options for "Forgot Password" and "Remember Me." Lessons Learnt: I needed to implement various login systems to understand their functionality and design a unique, user-friendly interface. This process included creating username and password input fields, and incorporating features such as "Forgot Password" and "Remember Me" options. Through this experience, I gained valuable insights into enhancing the usability and security of login pages.

The #NSLDS #FVT/ #GE User Guides have been #updated! It is important to remember that these user guides are continually updated and so thinking of them as static documents would result in outdated guidance and possibly incorrect submissions. You will want to refer to the newest versions each time you use them. The most recent update yesterday includes updates to the Introduction and Volumes 1–3. Refer to the #ChangeLog in each volume for a description of the changes. If you don't want to go searching, I have combined all of the change logs here for you!

What if we already have all the infrastructure needed to issue Verifiable (or Digital) Credentials? ID Token++ (IDT++) extends the IDT data model by adding support for cryptographic binding to digital wallets, selective disclosure, and issuer identification via WebPKI. It is issued through OIDC Authorization Servers, enabling secure and efficient credential issuance. IDT++ in action: https://lnkd.in/e2KirVXr Technical details: https://lnkd.in/e9ZWnYsH #OIDC #VerifiableCredentials #IDTokens #IDT++ #SDChaCha #WebPKI

Pxl, the 🔒 Privacy-friendly Bitly Alternative? Since acquiring Pxl 3 months ago, I have been thinking long about how to refine its market positioning, especially in the mature market for link shorteners. Initially, I focused on understanding and improving the product based on user feedback. A survey with 71 responses revealed that users love Pxl's ability for simple-to-use short links, custom domains, and especially the robust analytics. But here’s the twist: Pxl’s foundation is privacy-friendly, and it always has been. For example, visitors' IPs are hashed instead of storing them in plain text, which eliminates a major privacy concern. This discovery led me to test a new positioning: Could Pxl become the privacy-friendly alternative for link shorteners with some more work? For now, this is run as a test. Nevertheless, I’m excited to see how this privacy-first angle resonates. What do you think? When you buy software, do you consider privacy-first options to be the better choice? ⬇️ Read the full story in the first comment

Peering beyond the familiar facade of website domain names reveals the numerical backbone of the internet – IP addresses. Command Prompt (CMD) serves as our gateway to unveiling these digital identities. With a simple CMD command, 'ping', followed by a website's domain name, users can uncover its IP address. This process not only measures the response time but also reveals the numerical identity behind the user-friendly name. Another command, 'nslookup', directly queries DNS servers for comprehensive domain information, including the crucial IP address. Through these CMD commands, users gain a deeper understanding of the internet's infrastructure, deciphering the complex network of interconnected servers that power our online interactions. By mastering CMD's capabilities to find and interpret website IP addresses, users embark on a journey of digital discovery. Armed with this knowledge, they navigate the internet's intricate architecture with confidence, unlocking its hidden secrets and enhancing their online experiences. Command: ping www.website name.com Disclaimer: This information is provided solely for educational purposes. We do not support or condone any illegal activities. Users are solely responsible for their actions, and we disclaim any liability for the misuse of this information. #commands #cmd #dei #website Varun Shrivastav Amarjeet Singh Chauhan Upendra Prawal Tarun Kumar Rahul Chaudhary Himanshu Sharma Akanksha Mishra Bishal Bhattacharjee Dolly Mishra Dayalbagh Educational Institute Ansh Guglani Manisha Gupta Shreya Shrivastava Krishna Gupta LinkedIn Mahak Bansal Piyush Kumar RIYA KUMARI Kuldeep Sharma Atul sharma Sakshi Singh Aman Sharma Aditya Vardhan

https://lnkd.in/gNW9Zq5y We discuss the CISA initiative, Secure By Design and last week's event celebrating dozens of software companies and service providers who've taken the Secure By Design Pledge. What is the expectation? What are the benefits?

Read more about our standards work at the IETF in this new blog!

https://lnkd.in/dZakDTA4 I am working on an update of my 2021 cryptographic work on Split-ECDSA (SECDSA) focusing on its use as a foundation for an HSM-based European Digital Identity (EUDI) wallet with strong security and privacy properties. Each wallet transaction is coupled with a publicly verifiable proof that the wallet provider correctly and unambiguously followed instructions from the wallet/user. Sole control similar to a classical smart card is achieved by ensuring that wallet providers do not process information outside their HSMs allowing for wallet compromise, e.g. by brute forcing the user PIN. The techniques also allow for simple HSMs that manage only one base attestation key per wallet/user; other keys are derived from the base key outside the HSM, e.g. in the wallet itself. The design is easily implementable on regular HSMs as well as on eIDAS/FIPS certified HSMs using the standard PKCS#11. Each wallet authentication towards the wallet provider only requires one PKCS#11 call. Two modest PKCS#11 instruction extensions are proposed further enhancing efficiency. As these do not impact security, they allow adoption in eIDAS/FIPS certified HSMs as well. As part of the update, I first developed a functional description of an HSM-wallet architecture and heuristically couple that with eight cryptographic objectives. You can find the functional description and the cryptographic objectives here: https://lnkd.in/eBY5VuwE Comments are welcome! As soon as my update is available, I will write a post on it.