Venue:
Google
Gordon House
Barrow Street, Dublin 4
Ireland
HTTPS and Forward Secrecy at Scale
Chris Niemira, AOL
For years, the conversation about using TLS was little more than an argument over whether proper key management was worth the effort. But today’s news reports are riddled with stories about data theft and Internet espionage, and secure content delivery is the new normal. Now SSL is dead, new CVEs show up fast and furious, and our reaction time to the latest bug reports is measured not only in hours but in customers at risk. In a world where we expect forward secrecy and elliptic curves to save us, we have to realize that it’s never as easy as flipping a few switches. We have to balance the performance and cost implications of different grades of security while keeping an eye on both compatibility and the latest threats.
This talk will discuss what forward secrecy is, and how it’s achieved. It will also describe the mechanics of Diffie-Hellman exchanges and how we measure the “cost” of enabling them on different platforms, as well as the benefits of ECC. We discuss how we validate and benchmark different points of encryption termination (notably appliance ADCs). We will specifically describe how we used our methodology to accomplish the HTTP to HTTPS migration of our webmail platform, and how we overcame the problems that we ran into along the way.
Chris Niemira is an AOL veteran who spent over seven years running the public gateways for the AOL Mail system, one of the world's largest email platforms. Today, he works as a reliability engineer, writing tools and running analyses to help ensure the performance and availability of many of AOL's high-traffic properties across the Internet. He previously spent time building solutions and running web properties in the Banking and Pharmaceutical industries (as well as some dot-coms we won't talk about), and is currently pursuing an MBA and Master of Finance.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Chris Niemira},
title = {{HTTPS} and Forward Secrecy at Scale},
year = {2015},
address = {Dublin},
publisher = {USENIX Association},
month = may
}