Talks/proposed/reboot_the_web.md

#infos

auth-name       : substack
tag             : browser, crypto, web

advance costs   : N
need room       : Y
Location        : Oakland (but I will be in Paris)
Can host ppl    : N


# REBOOT THE WEB

Browsers have been quietly and methodically adding native crypto primitives,
but one gaping attack vector remains: every time you load a page, you load code
directly from the server.

The person running that server can be coerced, hacked, or forced by sealed court
order to change that javascript payload at any time. What we need to make web
crypto viable is a bootloader for the web. Luckily, this is now possible by
abusing the new application cache API to brick a website except for a
whitelisted update feed. Now the user can finally be in control of which updates
they get from web pages, making browser crypto much more secure while preserving
all the usability benefits of the web.
reboot the web 10 years ago			`#infos`

			`auth-name : substack`
			`tag : browser, crypto, web`

			`advance costs : N`
			`need room : Y`
			`Location : Oakland (but I will be in Paris)`
			`Can host ppl : N`


			`# REBOOT THE WEB`

			`Browsers have been quietly and methodically adding native crypto primitives,`
			`but one gaping attack vector remains: every time you load a page, you load code`
			`directly from the server.`

			`The person running that server can be coerced, hacked, or forced by sealed court`
			`order to change that javascript payload at any time. What we need to make web`
			`crypto viable is a bootloader for the web. Luckily, this is now possible by`
			`abusing the new application cache API to brick a website except for a`
			`whitelisted update feed. Now the user can finally be in control of which updates`
			`they get from web pages, making browser crypto much more secure while preserving`
			`all the usability benefits of the web.`