Paper summarizing new directions in protecting web users

Jason Holt jason at lunkwill.org
Wed Mar 8 17:26:55 EST 2006 

On Mon, 6 Mar 2006, Amir Herzberg wrote:

> I've summarized the current directions that our group is working on
> towards improving security for web users. I'll probably soon post it as
> HTML, but I'm terribly busy and so far just posted it in eCrypt as PDF,
> see at http://eprint.iacr.org/2006/083.pdf.
[...]

Amir will also be appearing next month in a panel I'm moderating on the 
challenges of practical web security at NIST's PKI conference.  Some of the 
discussions I've seen on this list led to the creation of that panel -- if we 
as cryptographers sometimes have to wrangle over what's considered trustworthy 
website behavior, how are users ever supposed to cope?

The standard flyer for that conference follows:

*** NO ON-SITE REGISTRATION!  Last day to register: March 17 ***

5th Annual PKI R&D Workshop at NIST in Gaithersburg, MD
"Making Cryptography Easy to Use"
April 4-6, 2006
http://middleware.internet2.edu/pki06/

Come join with experts from NIST, NIH, private industry and universities
around the world for our fifth workshop!


Scheduled topics include:

KEYNOTE ADDRESS
HAS JOHNNY LEARNT TO ENCRYPT BY NOW? Examining the troubled relationship
between a security solution and its users
Angela Sasse, University College London

REFEREED PAPERS:
-How Trust Had a Hole Blown In It.  The Case of X.509 Name Constraints
-Navigating Revocation through Eternal Loops and Land Mines
-Simplifying Credential Management through PAM and Online Certificate
Authorities
-Identity Federation and Attribute-based Authorization through the Globus
Toolkit, Shibboleth, GridShib, and MyProxy
-PKI Interoperability by an Independent, Trusted Validation Authority
-Achieving Email Security Usability
-CAUDIT PKI Federation - A Higher Education Sector Wide Approach

INVITED TALKS:
-NIST Cryptographic Standards Status Report, Bill Burr, NIST
-Trust Infrastructure and DNSSEC Deployment, Allison Mankin, Consultant
-Integrating PKI and Kerberos, Jeffrey Altman, Secure Endpoints Inc.
-Enabling Revocation for Billions of Consumers, Kelvin Yiu, Microsoft

PANELS:
- Digital Signatures (Moderator: David Chadwick, University of Kent)
- Domain Keys Identified Mail (DKIM) (Moderator:  Barry Leiba, IBM)
- Browser Security User Interfaces: Why are web security decisions hard and
what can we do about it?
   (Moderator:  Jason Holt, Brigham Young University)
- Federal PKI Update (Moderator - Peter Alterman, National Institutes of
Health)
- Bridge-to-Bridge Interoperations (Moderator - Peter Alterman, National
Institutes of  Health)

WORKS IN PROGRESS (WIP)  (Contact Krishna Sankar (ksankar at cisco.com) if you
have additional WIP topics)
Potential topics:
-  CNRI handle system (brief overview)
-  International Grid Trust Federation

Complete agenda is available at http://middleware.internet2.edu/pki06/



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list