Amarjeet Shukla

A Certificate Policy defines what a CA will do. A Certification Practice Statement defines how it does it. Here's what they contain, why auditors care, and where gaps between CP and CPS create real risk.

Most enterprises have 10x more SSH keys than they think, with no inventory, no rotation, and no offboarding. Here's how to get SSH key sprawl under control before it becomes a breach.

IoT devices need cryptographic identity for authentication and encrypted communication. Here's how PKI works at device scale, what's different from server PKI, and where IoT certificate management fails.

Mutual TLS (mTLS) requires both client and server to present certificates during the handshake, enabling cryptographic identity verification for service-to-service communication. Here's how it works, where it's deployed, and what breaks.

TLS 1.3 removed insecure algorithms, reduced handshake latency to 1-RTT, and encrypted more of the handshake. Here's what changed, what was removed, and what breaks during migration.

Machine identities outnumber human identities 45:1 but are managed with 10% of the rigor. Here's why this gap exists, what the risks are, and how to build a machine identity management program.

Certificate validity periods are shrinking from 398 days to 90 days. Here's why shorter lifetimes reduce risk, what the CA/Browser Forum proposals mean for operations, and how to prepare.

A TLS handshake is the negotiation process that establishes an encrypted connection between client and server. Here's how TLS 1.3 reduced it to one round trip, what happens at each step, and where it fails.

PCI DSS 4.0 introduced new cryptographic requirements including cipher suite inventory, certificate lifecycle documentation, and stronger key management. Here's what's new, what's mandatory by March 2025, and how to prepare.

A TLS certificate binds a public key to a domain identity, enabling encrypted HTTPS connections. Here's how it works, where it breaks, and what engineers need to know.