in root we trust
play

In Root we Trust Pavan Chander Lisa Bui OWASP Toronto: Feb 20, - PowerPoint PPT Presentation

In Root we Trust Pavan Chander Lisa Bui OWASP Toronto: Feb 20, 2019 Who are we? Pavan Chander Lisa Bui pchander@deloitte.ca libui@deloitte.ca Pavan is a Manager with Deloittes Lisa is a consultant in Deloittes Risk Cyber Risk


  1. In Root we Trust Pavan Chander Lisa Bui OWASP Toronto: Feb 20, 2019

  2. Who are we? Pavan Chander Lisa Bui pchander@deloitte.ca libui@deloitte.ca Pavan is a Manager with Deloitte’s Lisa is a consultant in Deloitte’s Risk Cyber Risk Advisory practice and has Advisory practice. Her specialties led WebTrust assurance include trust considerations of Public engagements of both public and Key Infrastructure, Cyber Security, enterprise CAs. He has also been an Enterprise Risk, and Third Party official witness to several root key Service Auditor Reporting. generation ceremonies both in Canada and internationally.

  3. Let’s talk about encryption

  4. Symmetric encryption

  5. Asymmetric encryption

  6. 1993 2019

  7. Subject: google.ca Validity period: Feb 1, 2019 to Feb 28, 2019 Usage: Server authentication

  8. Certification Authorities Amazon, Comodo, DigiCert, Entrust, GoDaddy, Google, Symantec, VeriSign, and many more...

  9. Industry: CA/Browser Forum ● Certification Authorities ● Browser/OS vendors (e.g. Apple, Google, Microsoft, Mozilla) Auditors: CPA Canada WebTrust/PKI Assurance Taskforce ● CPA Canada members ● Audit firms

  10. Other things... ● Publicly trusted vs Enterprise ● Other use cases ○ Client authentication: VPN ○ Code signing: Airplanes, Windows Updates ○ Email ○ V2X

  11. Microsoft trust store Governments of… ● Australia ● Saudi Arabia ● Brazil ● Slovenia ● Finland ● South Africa ● France ● Spain ● Hong Kong ● Sweden ● Hungary ● Taiwan ● India ● The Netherlands ● Japan ● Tunisia ● Korea ● Turkey ● Lithuania ● Uruguay ● Macao ...plus many private sector companies from ● Portugal around the world

  12. Takeaways... ● https://cabforum.org/ ● http://www.webtrust.org/ ● https://wiki.mozilla.org/CA ● https://groups.google.com/forum/# !forum/mozilla.dev.security.policy ● https://crt.sh/?cablint=1+week

Recommend


More recommend