Managing Miracles: Policy for the Network Society: August 2010

Wednesday, August 18, 2010

I Got Interested in Web Authentication and Security

Lately there have been some interesting developments in the fundamental structure of web security, and I've gotten involved in discussing how they are coming together. I did a post earlier this year on "Web Security Trust Models", and recently added an update called "A Major Internet Milestone: DNSSEC and SSL." This whole topic area is a fascinating convergence of technology and policy. If you want to geek out, here are a few good links:

Adam Langley's overview of DNSSEC and TLS
Dan Kaminsky's Slides on the Domain Key Infrastructure
EFF's Slides on their SSL Observatory project
Jason Roysdon talking about how "SSL CAs should become hierarchical, the same as the DNSSEC trust model is."
My rantings on mozilla.dev.security.policy
My rantings on the brand new IETF list, keyassure

[Update: oops, forgot to mention that I got a quote in the NYT. It's actually an awful quote... I sound like a valley girl ("This is, like, totally important, you know?"). Other than that, the gray lady got the story right.]

About

I'm Steve Schultze, and this is an old blog that I no longer maintain. I am the former Associate Director of the Center for Information Technology Policy at Princeton, former fellow at the Berkman Center for Internet and Society at Harvard, etc. I currently work at the US Department of State on issues related to Internet Freedom. The opinions here are entirely my own and do not reflect the views of my employers -- current or past. I'm interested in how the Internet affects law and public policy. Please comment, and feel free to email me at steve-at-schultze_com. I tweet at @sjschultze.