trust architecture
2 posts
Article
The breach was the network working as intended
The 2015 Polish S incident: lateral movement from inherited permissions and automated escalation, where access was granted by position not verified at use.
Article
Let's Encrypt enforces sanctions no browser checks
Let's Encrypt's sanctions restriction gates issuance by geography, not risk. The Web PKI validates by reference, so only the issuer field changes.