Friday, July 18, 2014: 11:00 pm (Serpico): After the Snowden disclosures, it was revealed that the NSA and NIST were subverting the open standards process by intentionally weakening the security of the core standards that form the foundation of the web and Internet. Now, more than ever, we need cryptographically strong standards and verified open source libraries for these standards. The humble origins of the IETF and the W3C will be discussed, as will the efforts taken by open standards to combat pervasive surveillance via workshops like STRINT and the "perpass" mailing list, and the new standardization work that is likely to result. In particular, the focus will be on the myriad problems implicit in putting cryptography into the web security model with the W3C Web Cryptography API, as well as attempts to analyze properties of this JavaScript API by using techniques from formal proof-proving. There's also new work from the W3C on decentralized social networking - and all the security problems that entails! Most importantly, you'll learn how you can get involved to help build open standards to build what Tim Berners-Lee calls the "Web We Want" - and stop the web from being subverted.

Harry Halpin