This talk provides an overview of the current state of the Web Public Key Infrastructure (PKI), with updates on topics ranging from Certificate Transparency to DNS-Based Authentication of Named Entities (DANE) to automated certificate issuance (Let’s Encrypt) to short-lived certificates and the current state of revocation. We will also cover some changes that will be coming over the next several years. This will be of interest to anyone who wants to better understand the tools available to secure their web services, and the operational implications of their choices.
Melinda Shore is a Principal Security Architect at Fastly, where she works on PKI and TLS-related problems, and is a member of the Internet Architecture Board. Her computing background was originally in operating systems and distributed and parallel computing, and has spent much of her career hopping back and forth between academia and networking companies (the latter including Nokia and Cisco). She is also a core contributor to the getdns project. In addition to software development she has also been active in internet standards development, having authored a number of RFCs and chaired IETF working groups.She recently co-chaired the NDSS 2018 DNS Privacy Workshop.