rmhrisk

WebPKI CA Revenue

• This is intended to be an appendix of sorts for WebPKI and Digital Signature related M&A + Investment + Public Offerings
• I have been in and around this space for a long time, I know some things that are not public just like you probably do, as such I have, and will continue to excluded these sorts of details.

Company	Year	Amount
BuyPass	2015	They reported revenue of 192 million Norweigan Krones in 2015; using today's exchange rate, this is about $23 million US dollars.
Quovadis	2016	WISeKey reported QuoVadis (whom they acquired) had revenue of $18

rmhrisk

Edge

Safari

Chrome

Firefox

rmhrisk

Ryans-MBP:room_react_skylink rmh$ ping google.com
PING google.com (216.58.193.78): 56 data bytes
64 bytes from 216.58.193.78: icmp_seq=0 ttl=55 time=6.156 ms
64 bytes from 216.58.193.78: icmp_seq=1 ttl=55 time=5.830 ms
64 bytes from 216.58.193.78: icmp_seq=2 ttl=55 time=7.903 ms
64 bytes from 216.58.193.78: icmp_seq=3 ttl=55 time=7.963 ms
64 bytes from 216.58.193.78: icmp_seq=4 ttl=55 time=6.510 ms
64 bytes from 216.58.193.78: icmp_seq=5 ttl=55 time=4.856 ms
64 bytes from 216.58.193.78: icmp_seq=6 ttl=55 time=6.755 ms

rmhrisk

PDF was initially released over 23 years ago, it solved a very important problem. How could you provide an electronic equivalent to paper?

As a standard, like most things evolved over decades, it’s actually pretty awful. The specification reads like it was designed by an army of people who seldom spoke and had no long term plan.

That said, it is without a doubt still one of the most important file formats on the web. Its issues are a direct result of the era it was designed in, open standards were far from the norm, the desktop was king, and the internet was primarily used for email.

A lot has changed since then, but PDF itself, though it has had more features added to its specification, has not materially changed much. Some of the larger issues with the format include:

• They are often bloated large documents making them slow to download and render,
• The layout is generally fixed and not responsive making them awkward to read on a mobile device,

rmhrisk

OSX

sqlite3 ~/Library/Keychains/*/ocspcache.sqlite3 'DELETE FROM ocsp;'

Windows

certutil -URLcache * delete

Linux

dirmngr --flush

rmhrisk

WebCrypto is relativley new but it is already used in some very popular services, some of which include:

	Description
openpgpjs	Uses WebCrypto to protect email.
1Password Teams	1Password for Teams uses WebCrypto to make sharing passwords easy.

rmhrisk

If you are going to be using Web Crypto in your application you better also get the basics of Web Security in your application taken care of. This is a list of resources that are useful when looking at the security of a web application.

TLS

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network.

Resources

• SSL Labs
• Mozilla TLS Observatory
• Mozilla SSL Configuration Generator
• Let's Encrypt

rmhrisk

A Progressive Web Appplication uses modern web capabilities to deliver an app-like user experience, these applications are sometimes built as isomorphic web applications. In these cases, much of the code that runs on the client also runs the server.

This combination of approaches and the various technologies that make them possible are being used to build a new class of web applications that can often come together quicker and in many cases are indistinguishable from native applications.

So much so, thanks to Electron, you can often wrap these web applications as "native applications". These web-native applications look great too, if you use Slack or Visual Studio Code you know what I am talking about.

I believe Web Crypto is a great addition to this toolchain. With the Web Crypto these applications can incorporate strong,

rmhrisk

We do security-oriented development in Javascript on both the server (Node) and in the browser and strive to share code whenever possible. This led us to build a few different libraries based on Web Crypto, the first of which was PKIjs.

The first commit to PKIjs, our PKI library for browsers based on Web Crypto, was in February of 2014. When we started this project Web Crypto was basically only supported by Chrome. Today that picture has changed a lot and all major browsers support it to varying degrees.

Using Web Crypto made sense to use as the cryptographic library for this project for a few reasons, one of the largest being the risks associated with Javascript based cryptography.

Though browser support for Web Crypto has improved significantly there are still a [few rough edges](https://www.boxcryptor.com/de/blog/post/bui

rmhrisk

WebPKI and Digital Signature related M&A + Investment + Public Offerings

• This was inspired by Matt Suiche's great post on cyber security M&A related activity; there is some overlap but not much.
• This is all public data.
• I have also intentionally excluded sales of WebPKI key material, not only are these prices not public but they are usually very special cases that are in-essence impossible to compare effectively.
• I have also included HSMs, Smart card, Digital signatures and CA related software companies in this list as it seems relevant.

Purchased	Purchaser	Date	Price	Structure	Notes