Web Security 2019
A1 | Fri 25 Jan | 11:35 a.m.–12:20 p.m.
James started this web thing around 1995; he's been architecting and operating services across higher education, financial services, advertising, lands, transport and more across the world. In his volunteer time, he's been a Debian Linux developer since 2000. He ran LCA 2003, and helped get LCA 2014 running.
20 years of web cryptography, and it's amazing how frequently it's configured sub-optimally. We've had numerous encryption algorithms, digests and protocols come that should have GONE, but everyone has just left them on. It's time to shut out the legacy browser. The vast majority of the world's browser install base now auto-updates, and with strict (and prescriptive) compliance in force, we get to drop the bloat from the past. In this talk we'll cover the current TRANSITIONS we're going through from a web admin's perspective: TLS, Cipher Suites, HTTP Security Headers, CAs, the move to an encrypted-by-default web, and more.