2019-09-14, 18:10–18:40, Park Lane
A talk about the utterly broken chain of trust of SSL/TLS certificates and certificate pinning in the browser as a means to take back control.
Web browser developers have been betrayed by the SSL/TLS chain of trust more than once in the past. As a result they are now pinning their own certificates which means that they only trust a particular issuer. This talk gives an overview how the chain of trust works, of potential attack vectors, presents remedies that were tried and explains why they were largely unsuccessful. Finally a solution is presented how the rest of us can also regain control with a Firefox plugin that pins certificates of our choosing and warns when nasty things happen.
Working in the mobile network domain for 20 years now and writing on my blog at https://blog.wirelessmoves.com.