
Workshop on Improving Trust in the Online Marketplace
Draft Program

April 10-11, 2013
Green Auditorium - NIST

 

9:00am – 10:15am

Session 1:  Welcome & Purpose
Andrew Regenscheid, NIST  

Keynote - Web Security in the Real World
Steve Bellovin, Federal Trade Commission

10:15am – 10:45am

Break

10:45am – 12:30pm

Session 2: Trust Architectures

State of PKI for SSL/TLS
Russ Housley, Vigil Security, LLC 

Revocation Process
Ryan Koski, GoDaddy  

Certificate Transparency protocol design and implementation
Emilia Kasper, Google

DANE: TLS Domain Name Authentication using the DNS Itself
Richard Barnes, BBN Technologies

12:30pm – 1:30pm

Lunch (West Square Cafeteria, 2nd cafeteria entrance)

1:30pm – 1:40pm

NSTIC Update
Jeremy Grant, NSTIC

1:40pm – 2:20pm

Session 3: Analysis Frameworks  

SEARCH for Trust SSL/TLS Enhancement or Alternatives for Realizing CA Homogeneity (SEARCH) for Trust
Alexandra Grant, Dartmouth College

Deployment Models for Backup Certificate Systems
Eric Rescorla, RTFM, Inc.

2:20pm – 3:00pm

Session 4: Experiences  

A Window of Opportunity: How Certificate Transparency Increases Online Trust Accountability and Security: A CA Perspective
Ben Wilson, DigiCert

The ICSI Notary: Lessons and Insights from a Large-Scale Study of the SSL/TLS Ecosystem
Bernhard Amann, International Computer Science Institute

3:00pm – 3:30pm

Break

3:30pm – 5:00pm

Session 5: Panel - What Do We Need to Improve Trust?
Moderator: Sean Turner, IECA, Inc.

Panelists 

  • Sid Stamm, Mozilla
  • Rick Andrews, Symantec Corporation
  • Chris Sutherland, BMO
  • Eric Osterweil, Verisign

5:00pm

End of Day



Day 2: April 11, 2013

9:00am – 9:15am

Opening Remarks
Ari Schwartz, Department of Commerce

9:15am – 10:00am

Session 6: Keynote - Lessons learned from the DigiNotar case
Aart Jochem, National Cyber Security Centrum

10:00am – 10:20am

Structurally Insecure? Several paradoxes in the market for Certificate Authorities, and some ideas for resolving them
Peter Eckersley, EFF

10:20am – 10:50am

Break

10:50am – 12:30pm

Session 7: Requirements, Auditing and Evidence

Federal PKI Approach to Auditing and Requirements - Cancelled
Deb Gallagher, GSA

Reference Certificate Policy
Andrew Regenscheid, NIST

CA Self-Governance: CA/Browser Forum Guidelines and Other Industry Developments
Ben Wilson, DigiCert

Enhancing Trust by Enhancing the Audit Process
Jens Bender, German Federal Office for Information Security, BSI  

European Approach to oversight of "Trust Service Providers"
Arno Fiedler, Nimbus Technologieberatung GmbH

12:30pm – 1:30pm

Lunch (West Square Cafeteria, 2nd cafeteria entrance)

1:30pm – 2:30pm

Session 8: Management and Risk Mitigation  

Reducing the Tail Risk of CA Compromise by Enabling Trust in Regional CAs Using Language Community and Locale Annotations
Brad Hill, PayPal         

Verifying Keys through Publicity and Communities of Trust
Eric Osterweil, Verisign

Using least privileged design principals to improve trust in the online marketplace
Ryan Hurst, GlobalSign

2:30pm – 3:00pm

Break

3:00pm – 4:30pm

Session 9:  Panel - Where Do We Go From Here?
Moderator: Tim Polk, OSTP

Panelists:

  • Ben Wilson, CAB Forum
  • Russ Housley, Vigil Security, LLC
  • Joe Hall, CDT
  • Peter Eckersley, EFF
  • Stephen Schultze, Princeton

4:30pm – 5:00pm

Closing Session

Building Consensus
Tim Polk, OSTP

Final Remarks
Andrew Regenscheid, NIST

5:00pm

End of Day


