Who Watches the Watchers in Web PKI?

Speaker: Kat Joyce , Google

Date: Wednesday, May 22, 2019

Time: 2:00 PM to 3:00 PM

Public: Yes

Location: 32-G882

Event Type: Seminar

Room Description: Hewlett Room

Host: Alin Tomescu, MIT

Contact: Ioan A Tomescu Nicolescu, alinush@csail.mit.edu

Relevant URL:

Speaker URL: None

Speaker Photo:

Reminders to: katjoyce@google.com, seminars@csail.mit.edu, systems-security@lists.csail.mit.edu

Reminder Subject: TALK: Who Watches the Watchers in Web PKI?

Since the dawn of time (well, Web PKI), certificates have been used to ensure that internet users are actually talking to the websites they think they are. Since the dawn of time (a.k.a. the mid-90s) Certificate Authorities have been trusted to Do The Right ThingTM when issuing these certificates, and watch out for baddies trying to get their hands on certificates for domains they don’t own. But what if a CA makes issuance mistakes? What if a CA is hacked? What if a CA is run by the baddies themselves?! Who watches the watchers?

Enter: Certificate Transparency.

Certificate Transparency is the latest internet security superhero. Power: detecting certificate misissuance and certificate authority misbehaviour (oooh yeah).

But seriously, capes and wearing-undies-over-skin-tight-lycra aside, what exactly is Certificate Transparency? How does it work? Why should you care? Is it even helping? Come along to this talk and find out!

Kat is a Software Engineer on the Trust Fabric team at Google, where she is currently focusing on building infrastructure to ensure actors within the Certificate Transparency ecosystem are operating in line with the Chrome Certificate Transparency Log Policy.

Prior to Google, Kat was a Research Engineer in the Networks and Systems research group at UCL. Kat has an MSc in Information Security from UCL, and a BSc (Hons) in Mathematics from Dalhousie University. In her spare time Kat loves to ski, swim, read, and play various musical instruments, with varying levels of success!

Research Areas:
Security & Cryptography, Systems & Networking

Impact Areas:

See other events that are part of the CSAIL Security Seminar Series 2019.

Created by Ioan A Tomescu Nicolescu Email at Saturday, April 27, 2019 at 11:39 AM.