Author Archives: Rolf

Intelligence-Driven Cyber Defense

In a 2015 article, I argued that conventional wisdom in information security management is deeply flawed, because it requires a risk-based approach knowing well that any form of risk analysis – be it quantitative or qualitative – is somehow arbitrary … Continue reading

Posted in Uncategorized | Leave a comment


I have added a cryptology blog named CRYPTOlog to the Web site of eSECURITY Technologies Rolf Oppliger ( The aim is to answer questions related to cryptology that are of common interest. I am looking forward to receive many interesting … Continue reading

Posted in Uncategorized | Leave a comment

What is PFS and PCS?

A topic that is ultimatively important to understand the current discussions about secure and E2EE messaging is related to the different notions of secrecy. Assume some long-term keying material being compromised. What is the impact on the secrecy of the … Continue reading

Posted in Uncategorized | 3 Comments

“Off-the-record” (OTR) messaging

After the development and deployment of OpenPGP and S/MIME, it was commonly agreed that the secure messaging problem was solved, and that public key cryptography provides a viable solution: Digital signatures for authentication (and nonrepudiation) and digital envelopes for confidentiality … Continue reading

Posted in Uncategorized | 4 Comments

TLS 1.3

David Wong has created an animated TLS 1.3 specification that is more readable and accessible than the purely text-based RFC 8446.

Posted in Uncategorized | Leave a comment

TLS transcripts available for download

If you want to delve more deeply into the technical specificities and details of the TLS 1.2 and TLS 1.3 protocols, then you may consider downloading and analyzing two log files that have been captured with Wireshark (TLS12Handshake.pcapng for TLS … Continue reading

Posted in Uncategorized | Leave a comment


The 2019 program is available at There are several new courses and bootcamps on TLS 1.3, messaging security (including Signal and WhatsApp), cryptography, and cybersecurity.

Posted in Uncategorized | 2 Comments

Welcome to my eSECURITY Blog

Posted in Uncategorized | 1 Comment