Every day, we rely on our web browsers to keep our communications secure. Whether we are submitting our credit card for purchases, doing online banking, or sending email, the same fundamental security structure is being used. The lock icon displayed by web browsers might give users reason to believe that the prevailing “certificate”-based model is trustworthy, but the reality is that many vulnerabilities exist and the risks are multiplying. Hundreds of different entities located around the world have the ability to issue fraudulent certificates that will nevertheless be trusted by our browsers. Overcoming the shortcomings in the current model and working toward a better model requires cooperation of corporations, the government, developers, and users. Many of the most difficult challenges are not technical in nature but rather social or political.
For more background, see this blog post:
Web Security Trust Models
9:30am – Keynote:
Andrew McLaughlin, White House Deputy CTO, Internet Policy
10:00am – Panel:
Chris Soghoian (moderator)
Peter Eckersley, Senior Staff Technologist, Electronic Frontier Foundation
Adam Langley, Senior Software Engineer, Google
Scott Rea, Senior PKI Architect, DigiCert
Ari Schwartz, Senior Internet Policy Advisor, National Institute of Standards and Technology
Andy Steingruebl, Manager, Internet Standards and Governance, PayPal
Hosted by Princeton’s Center for Information Technology Policy and the New America Foundation.