Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Workshop on Improving Trust in the Online Marketplace-Agenda

Workshop on Improving Trust in the Online Marketplace
Draft Program

April 10-11, 2013
Green Auditorium - NIST

9:00am – 10:15am

Session 1:  Welcome & Purpose
Andrew Regenscheid, NIST  

Keynote - Web Security in the Real World
Steve Bellovin, Federal Trade Commission

10:15am – 10:45am


10:45am – 12:30pm

Session 2: Trust Architectures

State of PKI for SSL/TLS
Russ Housley, Vigil Security, LLC 

Revocation Process
Ryan Koski, GoDaddy  

Certificate Transparency protocol design and implementation
Emilia Kasper, Google

DANE: TLS Domain Name Authentication using the DNS Itself
Richard Barnes, BBN Technologies

12:30pm – 1:30pmLUNCH (West Square Cafeteria, 2nd cafeteria entrance)
1:30pm –1:40pmNSTIC Update
Jeremy Grant, NSTIC
1:40pm – 2:20pm

Session 3: Analysis Frameworks  

SEARCH for Trust SSL/TLS Enhancement or Alternatives for Realizing CA Homogeneity (SEARCH) for Trust
Alexandra Grant, Dartmouth College

Deployment Models for Backup Certificate Systems
Eric Rescorla, RTFM, Inc.

2:20pm -3:00pm

Session 4: Experiences  

A Window of Opportunity: How Certificate Transparency Increases Online Trust Accountability and Security: A CA Perspective
Ben Wilson, DigiCert

The ICSI Notary: Lessons and Insights from a Large-Scale Study of the SSL/TLS Ecosystem
Bernhard Amann, International Computer Science Institute

3:00pm – 3:30pm


3:30pm – 5:00pm

Session 5: Panel - What Do We Need to Improve Trust?
Moderator: Sean Turner, IECA, Inc.


  • Sid Stamm, Mozilla
  • Rick Andrews, Symantec Corporation
  • Chris Sutherland, BMO
  • Eric Osterweil, Verisign

End of Day





Day 2: April 11, 2013

9:00am – 9:15am

Opening Remarks
Ari Schwartz, Department of Commerce

9:15am – 10:00am

Session 6: Keynote - Lessons learned from the DigiNotar case
Aart Jochem, National Cyber Security Centrum

10:00am – 10:20am

Structurally Insecure? Several paradoxes in the market for Certificate Authorities, and some ideas for resolving them
Peter Eckersley, EFF

10:20am – 10:50amBreak
10:50am – 12:30pm

Session 7: Requirements, Auditing and Evidence

Federal PKI Approach to Auditing and Requirements - Cancelled
Deb Gallagher, GSA

Reference Certificate Policy
Andrew Regenscheid, NIST

CA Self-Governance: CA/Browser Forum Guidelines and Other Industry Developments
Ben Wilson, DigiCert

Enhancing Trust by Enhancing the Audit Process
Jens Bender, German Federal Office for Information Security, BSI  

European Approach to oversight of "Trust Service Providers"
Arno Fiedler, Nimbus Technologieberatung GmbH

12:30pm - 1:30pmLunch (West Square Cafeteria, 2nd cafeteria entrance)
1:30pm – 2:30pm

Session 8: Management and Risk Mitigation  

Reducing the Tail Risk of CA Compromise by Enabling Trust in Regional CAs Using Language Community and Locale Annotations
Brad Hill, PayPal         

Verifying Keys through Publicity and Communities of Trust
Eric Osterweil,  Verisign

Using least privileged design principals to improve trust in the online marketplace
Ryan Hurst, GlobalSign

2:30pm – 3:00pmBreak
3:00pm – 4:30pm

Session 9:  Panel - Where Do We Go From Here?
Moderator: Tim Polk, OSTP


  • Ben Wilson, CAB Forum
  • Russ Housley, Vigil Security, LLC
  • Joe Hall, CDT
  • Peter Eckersley, EFF
  • Stephen Schultze, Princeton
4:30pm - 5:00pm

Closing Session

Building Consensus
Tim Polk, OSTP

Final Remarks
Andrew Regenscheid, NIST


End of Day



Return to the Workshop on Improving Trust in the Online Marketplace home







Created March 11, 2013, Updated September 21, 2016