Upload File

let’s encrypt - world wide web consortium · let’s encrypt olivier yiptong...

  • Home
  • Documents
  • LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong [email protected]. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS
23
LET’S ENCRYPT Olivier Yiptong [email protected]

Upload: others

Post on 20-Jun-2020

5 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

LET’S ENCRYPTOlivier Yiptong

[email protected]

mailto:[email protected]
Page 2: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

PRIVACY MATTERS

Page 3: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

PRIVACY MATTERS: HTTPS

• Confidentiality

• Data Integrity

• Authentication

Page 4: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

NO PRIVACY: HTTP

• Public-only communication

• (Possibly?) Tampered messages

• Of dubious origin

Page 5: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

PUBLIC COMMUNICATIONS

Page 6: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

PUBLIC COMMUNICATIONS

• Firesheep

Page 7: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

PUBLIC COMMUNICATIONS

• Firesheep

• Google

Page 8: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

PUBLIC COMMUNICATIONS

• Firesheep

• Google

• AT&T

Page 9: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

TAMPERING

Page 10: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

TAMPERING

• Verizon Perma-Cookies

Page 11: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

TAMPERING

• Verizon Perma-Cookies

Page 12: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

TAMPERING

• Verizon Perma-Cookies

• Comcast ad injection

Page 13: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

TAMPERING

• Verizon Perma-Cookies

• Comcast ad injection

• China - GitHub

Page 14: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

OF DUBIOUS ORIGIN

Page 15: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

• Turk Telecom

OF DUBIOUS ORIGIN

Page 16: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

• Turk Telecom

• China Netcom

OF DUBIOUS ORIGIN

Page 17: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

• Turk Telecom

• China Netcom

• AT&T

OF DUBIOUS ORIGIN

Page 18: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

PRIVACY MATTERS: HTTPS

• Encryption (Private communication)

• Data Integrity (Certainly untampered)

• Authentication (Certain of origin)

Page 19: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

HTTPS FOR YOU

• Remove industrial espionage vector

• No customer hijacking

• No impersonation

Page 20: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

HTTP DEPRECATION

• Firefox: non-secure website won’t have access to new features

• Chrome: display websites over HTTP as non-secure

Page 21: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

UPCOMING FUNCTIONALITY

• HTTP/2 (TLS-only on Firefox, Chrome and IE)

- bandwidth + latency gains

• Advanced Caching (ServiceWorkers)

Page 22: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

POSSIBLE UPGRADE PATH

• Referrer Policyhttp://www.w3.org/TR/referrer-policy

• Upgrade Insecure Requestshttp://www.w3.org/TR/upgrade-insecure-requests/

http://www.w3.org/TR/referrer-policy
http://www.w3.org/TR/upgrade-insecure-requests/
Page 23: LET’S ENCRYPT - World Wide Web Consortium · LET’S ENCRYPT Olivier Yiptong oyiptong@mozilla.com. PRIVACY MATTERS. PRIVACY MATTERS: HTTPS

[email protected]

mailto:[email protected]

WebAuthn: Beyond the Password · Subresource Integrity HTTPS Work Elsewhere Let’s Encrypt Certificate Transparency HSTS. WebAppSec: Enlisting the User Agent in Cooperative Policy

Encrypt all transports

Configurando SSL com Let’s Encrypt, Easy Engine e WP-CLI

Let’s Encrypt and DANE - ENOGs_Encrypt+DANE.pdf · Let’s Encrypt, DANE and email Validity of Let’s Encrypt certificate is 90 days – By default the underlying key is changed

Laptonics Profile & Encrypt

HTTPS + Let's Encrypt

PROJECT, STSsecurityplus.or.kr/data/2016/opensource/sts/LetsEncrypt... · 2016. 2. 11. · ⓒ2016 SecurityPlus All Right Reserved PROJECT, STS LET’S ENCRYPT USER GUIDE BOOK V1.0

How to encrypt and protect your moodle site for free with let's encrypt

Hướng dẫn cài đặt SSL miễn phí Let’s Encrypt trên hosting ... · Hướng dẫn cài đặt SSL miễn phí Let’s Encrypt trên hosting DirectAdmin Thứ tư, 26

Internet Engineering Task Force (IETF) R. Barnes ISSN ...Let’s Encrypt J. Kasten University of Michigan March 2019 Automatic Certificate Management Environment (ACME) Abstract Public

CFX ENCRYPT AES

Making Internet Security Accessible to Everyone · However, until Let’s Encrypt there was a potentially significant cost to administering server certificates. Let’s Encrypt is

Let’s Encrypt Apache Tomcatschultz/ApacheCon NA 2019/Let...Apache Tomcat Provides Services – Java Naming and Directory Interface (JNDI) – JDBC DataSource, Mail Session via JNDI

Let’s Encryptap.hamakor.org.il/2017/presentations/letsencrypt_ap2017.pdfLet’s Encrypt A FREE and Automated CA, gets you a browser-trusted certificate if one can prove domain ownership

Encrypt Basics

NUS Computing - Privacy-Preserving Sensor Cloudchangec/publications/2016... · 2017-04-12 · Sensors are spatially arranged. Sensors continuously sense, encrypt and stream samples

Symmetric Cryptography - Startseite TU Ilmenau Block Ciphers - Modes of Encryption 4 Time = 1 Time = 2 Time = n Encrypt C1 K P2 Encrypt C2 K Pn Encrypt Cn Encrypt ... K... C1 Decrypt

Let’s Encrypt as a Startup Success Storys Encrypt as a...Monitoring and Centralized Logging Monitoring of service performance and uptime typically occurs early, but security monitoring

Kleopatra email encrypt

Let's Encrypt

Let’s Encrypt Apache Tomcatschultz/ApacheCon NA... · Let’s Encrypt Apache Tomcat* * Full disclosure: Tomcat will not actually be encrypted. Christopher Schultz Chief Technology

Minting Free Certificates for the Entire Web Let’s Encrypt · Let’s Encrypt: Began as a merger of EFF/UMich & Mozilla projects Is now housed in its own nonprofit, the Internet

A Free Certificate Authority to Encrypt the Entire Web · sudo apt-get install lets-encrypt sudo lets-encrypt and the lets-encrypt client will not only obtain, but also deploy, the

Let's Encrypt!

INTERNET SAFETY Thornell Road Library 2015. Let’s Discuss: Information Privacy Social Networking CyberbullyingNetiquette

Let’s Check Let’s Encrypt: A Tool for Code-Driven Threat Modeling

No Encrypt Logfile

Let’s Encrypt - HKNOG€¦ · Let’s Encrypt - Introduction SSL CA Initiative from the Electronic Frontier Foundation (EFF) Some major sponsor: Mozilla, Cisco, Akamai, Facebook

Let's Encrypt: An Automated CertificateAuthority to ...Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web CCS ’19, November 11–15, 2019, London, United

Encrypt Logfile

Configurando SSL com Let’s Encrypt, EasyEngine e WP-CLI

Premier retour sur Let's EncryptUtilisation de Let’s Encrypt Conclusions Des questions? Premier retour sur Let’s Encrypt Pierre-Yves Bonnetain [email protected] B&A

Databit files encrypt

LET’S TALK ABOUT PRIVACY!

ENCRYPT - SimplyScripts