June 1, 2010 (All day)

EFF Staff Technologist Seth Schoen will be speaking at Open Source Bridge in Portland, OR.

Fixing SSL security: Supplementing the certificate authority model

The most common way of using SSL/TLS encryption relies on a public-key infrastructure that puts near-absolute trust in a large number of entities around the world, any one of which could accidentally or deliberately empower anyone in between us and our communication partners to impersonate any site or service and spy on all of our communications. We’ve seen that these certificate authorities can make mistakes. CA mistakes, or collaboration with attackers, can expose us to undetectable man-in-the-middle attacks, so we need new mechanisms to meaningfully double-check that they’re doing the right thing.

I will discuss a whitepaper and research collaboration that are exploring the available sources of information that could help address this problem.

For more information: http://opensourcebridge.org/sessions/415