Revocation is broken, here's how we're fixing it

Presented at LocoMocoSec 2018, April 6, 2018, 1:50 p.m. (40 minutes).

The certificates we obtain from a Certificate Authority underpin trust on the web. The problem is that if we lose the key for our certificate, an attacker can use that certificate to successfully impersonate us for as long as it's valid, potentially years. We need a way to revoke the trust in these certificates so that they can't be abused, but all current revocation mechanisms are largely useless. Let's look at the new mechanisms being introduced to address the problem of revocation.


Presenters:

  • Scott Helme - Report URI Ltd.
    Hacker, researcher, builder of things. Founded securityheaders.com and report-uri.com, Pluralsight author, BBC hacker in residence, award-winning entrepreneur. Find me at scotthelme.co.uk
