Explore Mozilla's comprehensive guide to implementing robust HTTPS in this 44-minute conference talk from BSides Tampa 2017. Delve into essential topics such as the HTTPS checklist, Perfect Forward Secrecy (PFS), and the importance of always using HTTPS. Learn about maintaining privacy, preloading, HTTP Public Key Pinning (HPKP), and public key extraction techniques. Examine the challenges of certificate revocation, understand the role of Certificate Authorities, and gain insights into certificate trust and CAA records. Enhance your knowledge of web security and best practices for implementing strong HTTPS protocols.
Overview
Syllabus
Intro
HTTP
HTTPS Checklist
Perfect Forward Secrecy
PFS
Replication
Always use HTTPS
Maintain privacy
Preload
HPKP
Public key pinning
Public key extracting
Dragons
Revocation
OneCRL
Certificate Authority
Certificate Trust
CAA Records