The State of HTTPS

Presented at HOPE Number Nine (2012), July 15, 2012, 5 p.m. (60 minutes)

Over the past couple of years, a flurry of developments and events have been happening in the world of HTTPS: from BEAST to HSTS to public key pinning and mixed scripting. Some of these are of abstract interest to technical users, and some require action on the part of webmasters. This talk will cover the broad brush strokes of these developments with a focus on how webmasters can take advantage of them and how to avoid silly configuration mistakes. In the latter part of the talk, a few expected future developments will be covered.

Presenters:

• Adam Langley
  Adam Langley works on both Google’s HTTPS serving infrastructure and Google Chrome’s network stack. From the point of view of a browser, he’s seen many HTTPS sites getting it dreadfully wrong and, from the point of view of a server, he’s part of what is probably the largest HTTPS serving system in the world.

Links:

• http://www.hopenumbernine.net/schedule/#state (Conference Schedule)
• https://infocon.org/cons/2600/HOPE Number Nine (2012)/HOPE Number Nine (2012) - The State of HTTPS.srt (subtitles)
• https://infocon.org/cons/2600/HOPE Number Nine (2012)/HOPE Number Nine (2012) - The State of HTTPS.mp4
• https://www.youtube.com/watch?v=UgHDj4_G3r4

Similar Presentations:

• ToorCon: Seattle 2008 / seeds of contempt
• AppSec USA 2017 / Test Driven Security in the DevOps pipeline
• DEF CON 1 (1993) / Virus developments and concerns