Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided to host another.
We’ll start the evening at 6:00p.m. with time for networking, followed up with short talks by leading experts starting at 6:30p.m. Pizza and beer are provided! RSVP here.
Here are the confirmed speakers:
Emily Stark is a software engineer on the Google Chrome security team, where she focuses on making TLS more usable and secure. She spends lots of time analyzing field data about the HTTPS ecosystem and improving web platform features like Referrer Policy and Content Security Policy that help developers migrate their sites to HTTPS. She has also worked on the DevTools security panel and the browser plumbing that supports other security UI surfaces like the omnibox. (That green lock icon is more complicated than you'd think!)
Previously, she was a core developer at Meteor Development Group, where she worked on web framework security and internal infrastructure, and a graduate student researching client-side cryptography in web browsers. Emily has a master's degree from MIT and a bachelor's degree from Stanford, both in computer science.
How hard is it to send an HTTPS request?
In theory, sending an HTTP request over TLS is a simple matter of performing a handshake and validating a certificate chain. In practice, however, client, server, and network misconfigurations get in the way, causing hundreds of millions of HTTPS errors in Chrome every month. This talk will describe projects and results from the Chrome security team's work to understand these errors, fix as many of them as possible, and prevent new problems from cropping up.
Jon McLachlan leads security engineering at Symphony. Prior to joining Symphony he was a senior security engineer at Apple where he worked on foundational protection mechanisms for iTunes as well as digital rights management. Jon has 8 patents to his name, all in the area of security. He is a passionate biker and husband.
Symphony has taken a unique approach to delivering enterprise-grade secure communications. During the presentation you will learn how most cloud services today require an act of faith on behalf of the customer who must ‘trust’ the service provider. Symphony’s approach means that Symphony employees are unable to see customer data – it’s protected using keys controlled by customer-owned infrastructure. Symphony sets a new benchmark for safe and secure cloud communications.
An Introduction to Symphony Security
An Introduction to Symphony Security will explore how we selected our threat model, some of the technical challenges that the threat model presented, and how we overcame these technical challenges to deliver a secure, seamless communication platform.
Videos from last time
We had a great turnout last time. Here are some videos of the talks:
Brian Warner: Magic Wormhole.
Zakir Durumeric: Real World Email Delivery Security.