Trust Beyond the First Hop—What Really Happens to Data Sent to HTTPS Websites

There's a lot of fuss about the best way to visually show how secure your connection is when browsing online. The more mainstream example is the "lock" icon at the top left hand side of a browser—which indicates that you are currently visiting a website over an encrypted and authenticated HTTPS connection. This extra visual lets the trained web explorer know that the site they're visiting can't be tampered or "snooped" on. The visual impact of this information is top of mind for Google's Chrome team and Mozilla--with future browsers showing a solid bar of "red" for a more in-your-face indicators of an unencrypted connection.

This focus on improving HTTPS adoption by web browser is admirable. However, the basic visual information expressed to the web user belies a complex and evolving topology of services sitting on the other side. There's way more to it than a lock or a colored address bar. With the proliferation of low-cost web infrastructure services, even small personal blogs have access to secure global caching and HTTPS. Furthermore, HTTPS termination is not what it used to be in the early days of the web. In this session we will take a look "under the hood" to share more about where data is actually going.

Hear what happens to web data once it leaves the happy embrace of an HTTPS tunnel and spills out to the other side. Attendees will also learn about potential approaches to bridge the gap and allow web services to extend trust beyond the first hop.