- Adam Langley's overview of DNSSEC and TLS
- Dan Kaminsky's Slides on the Domain Key Infrastructure
- EFF's Slides on their SSL Observatory project
- Jason Roysdon talking about how "SSL CAs should become hierarchical, the same as the DNSSEC trust model is."
- My rantings on mozilla.dev.security.policy
- My rantings on the brand new IETF list, keyassure
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Wednesday, August 18, 2010
I Got Interested in Web Authentication and Security
Lately there have been some interesting developments in the fundamental structure of web security, and I've gotten involved in discussing how they are coming together. I did a post earlier this year on "Web Security Trust Models", and recently added an update called "A Major Internet Milestone: DNSSEC and SSL." This whole topic area is a fascinating convergence of technology and policy. If you want to geek out, here are a few good links:
Monday, February 22, 2010
How Do You Trust On the Web?
Over at Freedom to Tinker, I've done a post outlining different models for web security trust models. This issue intersects with policy because it helps determine who we trust with our communications.
Web Security Trust Models
I will try to lay out the different types of models on a high level, and I encourage corrections or clarifications. It's worth re-stating that what we're talking about is how you as a web user know that who you are talking to is who they claim to be (if they are, then you can be confident that your other security measures like end-to-end encryption are working). (more...)
Subscribe to:
Posts (Atom)