hpk42
/
Talks
forked from Squatconf/Talks
1
0
Fork 0
Code Releases Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '086b72a78b'
${ noResults }
Talks/01_paris_15-nov-2014/reboot_the_web.md

896 B
Raw Blame History

#infos

auth-name : substack tag : browser, crypto, web

advance costs : N need room : Y Location : Oakland (but I will be in Paris) Can host ppl : N

REBOOT THE WEB

Browsers have been quietly and methodically adding native crypto primitives, but one gaping attack vector remains: every time you load a page, you load code directly from the server.

The person running that server can be coerced, hacked, or forced by sealed court order to change that javascript payload at any time. What we need to make web crypto viable is a bootloader for the web. Luckily, this is now possible by abusing the new application cache API to brick a website except for a whitelisted update feed. Now the user can finally be in control of which updates they get from web pages, making browser crypto much more secure while preserving all the usability benefits of the web.