Steve Schultze – Your Browser is Compromised: Dirty Secrets of Certificate Security
CITP Luncheon Series
Date: Thursday, March 11, 2010
Time: 12:30 - 1:30 pm
Location: 306 Sherrerd Hall
Food and discussion begin at 12:30 pm. Everyone invited.
The current browser model of trust for communicating with secure third parties is fundamentally flawed, but even in the security community, few people appreciate this fact. Most browsers come pre-defined with dozens of third parties who are granted god-like power over your web connections, despite the fact that you have no idea who they are. Do you trust the Turkish, Brazilian, or Chinese government to refrain from snooping on your traffic? As a technical matter, you already do. We will discuss why this is the case, how we got here, and what alternatives might exist. For background reading, see the following posts from Freedom to Tinker:
- Mozilla Debates Whether to Trust Chinese CA
- Web Security Trust Models
- Web Certification Fail: Bad Assumptions Lead to Bad Technology
Stephen is Associate Director of Princeton’s Center for Information Technology Policy. He supervises many aspects of the Center’s operations and research, including work on open government, computer security, privacy, telecommunications policy, and electronic voting. His personal research interests include public access to court records. He helped develop RECAP, a tool to help make federal court documents freely available online. He has written about communications policy, including recent work that contributed to the FCC’s national broadband plan. Before joining Princeton he was a fellow at the Berkman Center for Internet & Society at Harvard. He also received a Master’s in Comparative Media Studies from MIT and holds a Bachelor’s Degree in Computer Science.