Who Watches the Watchers in Web PKI?
Speaker
Kat Joyce
Google
Host
Alin Tomescu
MIT
ABSTRACT
Since the dawn of time (well, Web PKI), certificates have been used to ensure that internet users are actually talking to the websites they think they are. Since the dawn of time (a.k.a. the mid-90s) Certificate Authorities have been trusted to Do The Right ThingTM when issuing these certificates, and watch out for baddies trying to get their hands on certificates for domains they don’t own. But what if a CA makes issuance mistakes? What if a CA is hacked? What if a CA is run by the baddies themselves?! Who watches the watchers?
Enter: Certificate Transparency.
Certificate Transparency is the latest internet security superhero. Power: detecting certificate misissuance and certificate authority misbehaviour (oooh yeah).
But seriously, capes and wearing-undies-over-skin-tight-lycra aside, what exactly is Certificate Transparency? How does it work? Why should you care? Is it even helping? Come along to this talk and find out!
SPEAKER BIO
Kat is a Software Engineer on the Trust Fabric team at Google, where she is currently focusing on building infrastructure to ensure actors within the Certificate Transparency ecosystem are operating in line with the Chrome Certificate Transparency Log Policy.
Prior to Google, Kat was a Research Engineer in the Networks and Systems research group at UCL. Kat has an MSc in Information Security from UCL, and a BSc (Hons) in Mathematics from Dalhousie University. In her spare time Kat loves to ski, swim, read, and play various musical instruments, with varying levels of success!
Since the dawn of time (well, Web PKI), certificates have been used to ensure that internet users are actually talking to the websites they think they are. Since the dawn of time (a.k.a. the mid-90s) Certificate Authorities have been trusted to Do The Right ThingTM when issuing these certificates, and watch out for baddies trying to get their hands on certificates for domains they don’t own. But what if a CA makes issuance mistakes? What if a CA is hacked? What if a CA is run by the baddies themselves?! Who watches the watchers?
Enter: Certificate Transparency.
Certificate Transparency is the latest internet security superhero. Power: detecting certificate misissuance and certificate authority misbehaviour (oooh yeah).
But seriously, capes and wearing-undies-over-skin-tight-lycra aside, what exactly is Certificate Transparency? How does it work? Why should you care? Is it even helping? Come along to this talk and find out!
SPEAKER BIO
Kat is a Software Engineer on the Trust Fabric team at Google, where she is currently focusing on building infrastructure to ensure actors within the Certificate Transparency ecosystem are operating in line with the Chrome Certificate Transparency Log Policy.
Prior to Google, Kat was a Research Engineer in the Networks and Systems research group at UCL. Kat has an MSc in Information Security from UCL, and a BSc (Hons) in Mathematics from Dalhousie University. In her spare time Kat loves to ski, swim, read, and play various musical instruments, with varying levels of success!