# Digital garden @fimbault ## Posts in English ### Blog posts Previously hosted on medium, I'm now on my own [blog](https://blog.fimbault.com). That's where you'll find longer opinion pieces. ### EN 2022 I aim to use way less my social accounts these days, focusing on deep work. [GNAP security model](https://www.linkedin.com/posts/fimbault_gnap-security-model-activity-6891758743571230720-7zBi) ### EN 2021 [We just published the final report of our mediam project (funded by NGI_TRUST), related to cybersecurity in healthcare](https://www.linkedin.com/posts/fimbault_cyber-security-for-connected-medical-devices-activity-6805768805508251648-p2TV) [Presentation at OID 2021](https://oid2021.compute.dtu.dk/prog.html) [Privacy risks in 2021 vs 2014 according to owasp](https://www.linkedin.com/posts/fimbault_privacy-owasp-activity-6801146822325809152-kWKo) [Mutually incompatible implementations of the same cryptographic RFC (ed25519)](https://www.linkedin.com/posts/fimbault_oups-so-many-mutually-incompatible-implementations-activity-6796004645555752961-u0tF) [Rust officially on android](https://www.linkedin.com/posts/fimbault_rust-in-the-android-platform-activity-6795639326022656000-Emh7) [Living in a landmine 💣](https://www.linkedin.com/posts/fimbault_living-in-a-landmine-source-httpsxkcdcom-activity-6793915286836903936-H5Qp) [Why should you GNAP?](https://www.linkedin.com/posts/fimbault_authorization-grants-beyond-oauth-20-activity-6792460343022010368-RkIX) [What's the effect of covid on entrepreneurship?](https://www.linkedin.com/posts/fimbault_covid-entrepreneurship-activity-6791335999734657024-_oWJ) [If risk auditing becomes "more commercial", it should raise bells](https://www.linkedin.com/posts/fimbault_risk-compliance-activity-6790549186770198528-QLVL) [Regulate AI except when...](https://www.linkedin.com/posts/fimbault_ai-regulation-draft-activity-6788389701045805056-wnxM) [Microservices, from zero to prod. What can go wrong?](https://www.linkedin.com/posts/fimbault_microservices-activity-6787708527721947136-2Nm-) [When less is more](https://www.linkedin.com/posts/fimbault_adding-is-favoured-over-subtracting-in-problem-activity-6786276649764732929-kxTP) [Russia vs #US in the cyber realm](https://www.linkedin.com/posts/fimbault_russia-us-activity-6785920077750435840-z_FN) [Privacy might eventually require a fiduciary requirement on digital providers](https://www.linkedin.com/posts/fimbault_privacy-fiduciary-digital-activity-6785854754217091073-V8Ao) [The US Supreme Court has ruled the Google v. Oracle case about API copyright](https://www.linkedin.com/posts/fimbault_googlevoracle-api-copyright-activity-6785112804782333952-hfaP) [What was the question asked to Deep Thought as the Ultimate Question of Life, the Universe, and Everything?](https://www.linkedin.com/posts/fimbault_what-was-the-question-asked-to-deep-thought-activity-6780758416815140864-I1iu) [Prince 🤴 or unicorn 🦄?](https://www.linkedin.com/posts/fimbault_wsj-news-exclusive-prince-harry-is-taking-activity-6780145709074194433-0lU4) [What's wrong with NIST definition of risk? An analogy with road closures](https://www.linkedin.com/posts/fimbault_nist-cyberrisk-activity-6778622294429364224-APzL) [What is China's strategy for the internet?](https://www.linkedin.com/posts/fimbault_xi-once-worried-about-the-internet-but-now-activity-6778314695683170304-aL94) [Do your ransomware operators target organizations that have cyberinsurance?](https://www.linkedin.com/posts/fimbault_i-scrounged-through-the-trash-heaps-now-activity-6778236268632444928-DYg2) [Just let it sink in](https://www.linkedin.com/posts/fimbault_just-let-it-sink-activity-6777925219853119488-a5su) [Keeping fiduciaries honest](https://www.linkedin.com/posts/fimbault_i-care-a-lot-netflix-official-site-activity-6777245898343886848-r7N6) [🍏mystery solved](https://www.linkedin.com/posts/fimbault_naming-startups-is-hard-mystery-solved-activity-6776034432261390336-vyKR) [The EU Data Protection Board opposes Council's ePrivacy that would legally favor the weakening of encryption technologies](https://www.linkedin.com/posts/fimbault_eprivacy-activity-6775444008157138944-FBpZ) [Would you detect a scam?](https://www.linkedin.com/posts/fimbault_ex-con-man-says-every-scam-has-one-of-these-activity-6775352575911878656-JHIl) [What do shark bytes and cyber attacks have in common?](https://www.linkedin.com/posts/fimbault_usenix-enigma-2021-da-da-what-shark-conservation-activity-6774961887823114241-RPEC) [Bear my token](https://www.linkedin.com/posts/fimbault_bearer-activity-6774715182670262272-pSD_) [Bigtech is mutating](https://www.linkedin.com/posts/fimbault_bigtech-activity-6773253041513672704-eNxN) [Schnorr breaks RSA?](https://www.linkedin.com/posts/fimbault_rsa-schnorr-cryptosystems-activity-6773166781998661632-nd5V) [Cyberinsurance by google](https://www.linkedin.com/posts/fimbault_google-cloud-risk-protection-program-now-activity-6772804067237380096-M5HA) [SSF ads against weak passwords](https://www.linkedin.com/posts/fimbault_the-swedish-internet-security-organisation-activity-6772556060759793664-_yks) [CNAME tracking](https://www.linkedin.com/posts/fimbault_cname-activity-6772218233278783488-t1Uz) [Sell your DNA for 95 bucks](https://www.linkedin.com/posts/fimbault_evolving-public-views-on-the-value-of-one-activity-6770660951927644161-g2dE) [Clubhouse dark privacy patterns](https://www.linkedin.com/posts/fimbault_when-fomo-trumps-privacy-the-clubhouse-edition-activity-6769548543880413184-YNwW) [Against biometric surveillance](https://www.linkedin.com/posts/fimbault_reclaim-your-face-ban-biometric-mass-surveillance-activity-6768258018875379713-IHz0) [Sarah O'Conor on robots](https://www.linkedin.com/posts/fimbault_she-knows-her-stuff-httpslnkdinet8suw-activity-6767136029121015808--m2g) [Questions for DIF KERI](https://www.linkedin.com/posts/fimbault_dif-keri-activity-6767112657356034049-fk6L) [Just submitted a paper for peer review, yeah!](https://www.linkedin.com/posts/fimbault_just-submitted-a-new-paper-to-peer-review-activity-6767009659137118208-0gn2) [EU study on the value of opensource](https://www.linkedin.com/posts/fimbault_how-much-are-open-source-developers-really-activity-6766315876007374848-0_fi) [Business model innovation for cybercriminals](https://www.linkedin.com/posts/fimbault_broker-ransomware-activity-6765549824541544448-98S1) [Project management delivered, back in the days](https://www.linkedin.com/posts/fimbault_projectmanagement-activity-6765542753687392256-Yum8) [The global cost of ransomware](https://www.linkedin.com/posts/fimbault_ransomware-activity-6765324786349469696-Opib) [IoT security gets its parody](https://www.linkedin.com/posts/fimbault_footfallcam-reacts-activity-6765289379356315648-jqiO) [Defining characteristics of a programming language](https://www.linkedin.com/posts/fimbault_people-often-ask-me-the-defining-characteristic-activity-6762664161672495104-OMFJ) [Open except from](https://www.linkedin.com/posts/fimbault_open-except-from-an-interesting-thread-activity-6761989603353276416-sBO8) [Dirtydancing 2.0 - I robot can do the twist](https://www.linkedin.com/posts/fimbault_do-you-love-me-activity-6761984751734710272-Bg8a) [Fake Stallone got busted](https://www.linkedin.com/posts/fimbault_bulgarian-fraudsters-use-fake-stallone-passport-activity-6761596921405587456-DFb0) [Agile estimation = astrology for devs](https://www.linkedin.com/posts/fimbault_agile-noestimate-noproject-activity-6760826176559747072-8Jhs) [Comparing software business models](https://www.linkedin.com/posts/fimbault_businessmodels-activity-6760133854373183488-8lSW) [Elastic relicensing to SSPL](https://www.linkedin.com/posts/fimbault_i-am-real-mad-about-the-elastic-relicense-activity-6759428117862912001-zpio) [Amanda Gorman](https://www.linkedin.com/posts/fimbault_for-there-is-always-light-if-only-were-brave-activity-6758676958906773504-BW9h) [Awareness isn't enough against cyber threats](https://www.linkedin.com/posts/fimbault_awareness-activity-6758371836825792512-CWBU) [Privacy in the browser](https://www.linkedin.com/posts/fimbault_browser-activity-6758313619403919360-vyDF) [When venture capitalists become media - a16z](https://www.linkedin.com/posts/fimbault_if-tech-investors-cut-out-the-traditional-activity-6757970736276664320-jNc4) [What's new in appsec for 2021](https://www.linkedin.com/posts/fimbault_owasp-top-10-2021-statistically-calculated-activity-6757332708017401856-A4Ot) [EU right to repair, a challenge for software](https://www.linkedin.com/posts/fimbault_dont-toss-it-fix-it-europe-is-guaranteeing-activity-6757187666200068096-GFuS) [Mobile OS privacy concerns](https://www.linkedin.com/posts/fimbault_how-law-enforcement-gets-around-your-smartphones-activity-6756960900239941632-79cF) [Please confirm you're not a robot](https://www.linkedin.com/posts/fimbault_robot-activity-6755854732293664768-WDO5) [Oracle vs opensource DBs](https://www.linkedin.com/posts/fimbault_open-source-database-management-systems-are-activity-6755211773059612672-48p2) [Visa won't plaid](https://www.linkedin.com/posts/fimbault_visa-abandons-planned-acquisition-of-plaid-activity-6755001820130680832-NFrY) [When could quantum computers be a reality ?](https://www.linkedin.com/posts/fimbault_quantum-activity-6754826958770630656-egmu) [Third party cyber risks](https://www.linkedin.com/posts/fimbault_cyberrisks-activity-6752237212408041472-SGRM) [Github will deprecate passwords](https://www.linkedin.com/posts/fimbault_token-authentication-requirements-for-git-activity-6752147993052409856-Rfs6) [Which innovations will come true in the next decades?](https://www.linkedin.com/posts/fimbault_att-you-will-commercials-high-quality-activity-6747155074205724673-pDvl) [The new laws of robotics](https://www.linkedin.com/posts/fimbault_robotics-activity-6745614259322982400-V1mH) [Paying a cyber ransom should be made illegal](https://www.linkedin.com/posts/fimbault_five-key-takeaways-from-ofac-and-fincens-activity-6745654156960301056-XXNg) [Biometric AI raises ethical questions](https://www.linkedin.com/posts/fimbault_sci-fi-surveillance-europes-secretive-push-activity-6745223844748959744-WX-m) [Appsec flaws per language](https://www.linkedin.com/posts/fimbault_appsec-activity-6745055763317760000-Jyg2) [Names don't constitute knowledge - Feynman](https://www.linkedin.com/posts/fimbault_richard-feynman-names-dont-constitute-activity-6743723651109064704-7ms4) ## Posts en Français ## Cours en Français [Gouvernance des SI](https://www.linkedin.com/pulse/gouvernance-et-architecture-des-syst%C3%A8mes-dinformation-imbault-phd/) [Sécurité des applications](https://www.linkedin.com/pulse/cours-sur-la-s%C3%A9curit%C3%A9-des-applications-fabien-imbault-phd/) [Entrepreneuriat social, durable, éthique](https://www.linkedin.com/pulse/entrepreneuriat-social-durable-et-%C3%A9thique-fabien-imbault-phd/) [Vendre son innovation (par un entrepreneur pour les entrepreneurs)](https://www.linkedin.com/pulse/vendre-son-innovation-par-un-entrepreneur-pour-les-imbault-phd/) ### FR 2021 [Google rame à se défendre de pratiques anticoncurrentielles](https://www.linkedin.com/posts/fimbault_projet-bernanke-le-projet-secret-de-google-activity-6787989270876487680-VTqK) [Les nouvelles recettes de la pub en ligne](https://www.linkedin.com/posts/fimbault_cookies-marmiton-allocine-activity-6787251555377700864-sPt6) [Vive les conflits !](https://www.linkedin.com/posts/fimbault_conflits-activity-6778637022321020928-Hi7G) [Vendre vos données personnelles, une bonne idée ?](https://twitter.com/fimbault/status/1370405453612584965) [Quand la boring architecture ne suffit plus - Doctolib](https://www.linkedin.com/posts/fimbault_doctolib-le-chiffrement-des-donn%C3%A9es-incomplet-activity-6774988589597044736-30US) [Conservation des données par l'état](https://www.linkedin.com/posts/fimbault_conservation-donnaezes-etat-activity-6772917157291462656-KDQk) [Comble de la sensibilisation au phishing](https://www.linkedin.com/posts/fimbault_cyberphishing-activity-6772836283124375552-C9ux) [C'est pas moi, c'est le stagiaire - Solarwinds](https://www.linkedin.com/posts/fimbault_solarwinds-told-congress-that-an-intern-was-activity-6771832061578801153-rSwN) [Fuite des données de santé de 500.000 français - Dedalus](https://www.linkedin.com/posts/fimbault_un-leader-europ%C3%A9en-des-donn%C3%A9es-de-sant%C3%A9-activity-6770317681632583680-ek1j) [Mon stagiaire de 3e code son jeu](https://www.linkedin.com/posts/fimbault_quand-ton-jeune-stagiaire-de-3e-est-reparti-activity-6768556053874429952-JQHy) [Nous voulons juste que Danone soit géré convenablement](https://www.linkedin.com/posts/fimbault_nous-voulons-juste-que-danone-soit-g%C3%A9r%C3%A9-activity-6767787014751338496-A4oU) [La balkanisation du cloud](https://www.linkedin.com/posts/fimbault_the-balkanization-of-the-cloud-is-bad-for-activity-6767400590315192320-jSiw) [Cartographie du startups en France](https://www.linkedin.com/posts/fimbault_la-france-des-start-up-en-quatre-cartes-in%C3%A9dites-activity-6767346378101325824-kXYN) [Identifier les internautes ? - DigitalServiceAct](https://www.linkedin.com/posts/fimbault_digitalserviceact-aezthiques-activity-6766322888246132736-bDW-) [Mot de passe stocké en clair...](https://www.linkedin.com/posts/fimbault_slack-pour-android-stockait-les-mots-de-passe-activity-6765964368204087296-CCVW) [Peut-on être CTO sans coder?](https://www.linkedin.com/posts/fimbault_cto-obsolescence-manager-activity-6760207513032962048-3GkB) [J'adore mon globe](https://www.linkedin.com/posts/fimbault_mova-globes-a-rotating-solar-system-powered-activity-6759078091647172608-00Nx) [Prédiction littéraire de 2021](https://www.linkedin.com/posts/fimbault_prediction-activity-6758602985221218304-aF_n) [L'accord de confidentialité devrait être une exception](https://www.linkedin.com/posts/fimbault_ndas-activity-6758419876525748225-8b7-) [Le plan quantique français](https://www.linkedin.com/posts/fimbault_quantique-activity-6758321431643246592-Hndf) [Vivement la 5G dans l'arctique](https://www.linkedin.com/posts/fimbault_theres-a-digital-infrastructure-race-taking-activity-6758281683700658176-34YT) [Le débat sur le 5G devient explosif](https://www.linkedin.com/posts/fimbault_fait-divers-retour-sur-les-faits-les-cons%C3%A9quences-activity-6755438403556319232--4tm) [Sous-marin nucléaire Nord Coréen](https://www.linkedin.com/posts/fimbault_pyongyang-pr%C3%A9voit-de-se-doter-dun-sous-marin-activity-6754368465198469121-z_7k) [Vers une plus grande responsabilité sociétale des entrepreneurs](https://www.linkedin.com/posts/fimbault_french-tech-le-temps-de-lindulgence-est-activity-6752848948748152832-OXSh) [Résilience des systèmes cyberphysiques critiques en Europe](https://www.linkedin.com/posts/fimbault_press-corner-activity-6752131273705238528-C_yp) [On se prend à rêver ... ou pas (risque nucléaire)](https://www.linkedin.com/posts/fimbault_on-se-prend-%C3%A0-r%C3%AAver-de-l%C3%A9poque-o%C3%B9-la-seule-activity-6751821929646239744-pqKe) [Vers l'opensource éthique?](https://www.linkedin.com/posts/fimbault_y-a-t-il-de-la-place-pour-l%C3%A9thique-dans-activity-6754779051321286656-QaEs) [Une décennie, ça commence quand?](https://www.linkedin.com/posts/fimbault_bonne-nouvelle-d%C3%A9cennie-oui-jai-v%C3%A9rifi%C3%A9-activity-6750769069810606080-o_Ar) ## Other resources There's also my [basic personal website](https://fimbault.com/), [blog](https://blog.fimbault.com/), [github](https://github.com/fimbault), [twitter](https://twitter.com/fimbault) and [newsletter](https://www.getrevue.co/profile/fimbault). My current publication policy: - short posts on linkedIn - longer pieces on hashnode (I replaced from medium, because I can use my own DNS record) - twitter mostly as a kind of news digest - weekly newsletter on revue - public code on github (either for teaching purposes or opensource project) - research papers (list available on linkedin) Maybe in the future I'll start a podcast (I'll like to, but only if it really brings significant value), who knows. ## Why I'm doing this This started because retrieving my own public posts, especially on [linkedin](https://www.linkedin.com/in/fimbault/), is a nightmare (no proper search system, scrolling back in time within linkedin is a pain). So the posts are grouped by language and ordered by date (newest on top, linkedin history back to the start of 2021). It's using hackMD because: - My needs are really basic (although a [Luhmann's Zettlekasten](https://medium.com/emvi/luhmanns-zettelkasten-a-productivity-tool-that-works-like-your-brain-abe2d53a2948) - such as [athens](https://github.com/athensresearch/athens) would be nice) - But I need to aggregate content from various sources - I also have some content in English, some in French - All the content is public, so in that case, I don't care about security, sovereignty, or even availability (to a certain extent) - A live markdown editor from the browser is cool (and most importantly, simple on all devices) - I don't want to spend to much time on it, so a nocode / no hosting solution is prefered - But I don't want to be fully locked into yet another proprietary system (like notion), and hackMD is opensource and has an integration with github (of course freedom is very relative here, I still rely on very centralized services...) ## Creative Commons Views are my own. If that's useful to someone else, all content is [CC-BY-NC](https://creativecommons.org/licenses/by-nc/4.0/).
Last changed by  
fimbault
3586

Read more

HTTP signatures

:memo: Inputs Intro video Spec HTTP message signature Github Github issues Interim - some criticisms to check, slides missing

4/8/2021
subject identifier discussion

This note is for discussion only (as a starting point, to be discussed in IETF110) :memo: Backlog for subject identifier List of related issues Approx 10% of currently open issues. [ ] 198 definition of a Subject in section 1.3 [ ] 197 requesting User Information [ ] 178 sub_ids and different contexts [ ] 171 subject identifiers as portable identifiers

3/8/2021
Read more from fimbault
Published on HackMD