CASC Happenings at RSA

Monday February 25, 2013

We are excited to have members of the CASC attending and speaking at this year’s RSA Conference. The events and panels will cover various topics that revolve around the security of the Internet and CAs as a whole. You can follow the CASC on Twitter at @CertCouncil for more information and news, and see some of the presentations on our SlideShare page after the events. Please join us for the following CASC member events:

 

Tuesday, February 26, 2013, 2:30-3:30 PM, Room 304

TECH-T18 – Alternatives to Certification Authorities for a Secure Web

Moderator(s):
CASC Member-Kirk Hall – Operations Director, Trust Services, Trend Micro, Inc.

Panelist(s):

Adam Langley – Senior Staff Software Engineer, Google
CASC Member-Wayne Thayer – Chief Technology Officer, Go Daddy
CASC Member-Quentin Liu – Senior Director Engineering, Symantec
Yngve Pettersen – Software Developer, Security Specialist

Recent Certification Authority (CA) breaches have created interest in alternatives for a secure web, including DANE, Convergence and other concepts. This panel of browser and CA experts will examine recent CA breaches and remedies, and analyze the most promising alternatives to commercial CAs and their digital certificates. Do these alternatives provide security equivalent to CAs?

 

Wednesday, February 27, 2013, 8:00-9:00 AM, Room 131

PNG-W21 – NSTIC Report–Path from Cyber-Identity Puzzle to Interoperable ID Ecosystem

Moderator(s):

CASC Member-Benjamin Wilson – Senior Vice President Industry Relations and General Counsel, DigiCert

Panelist(s):

James Elste – Principal, INOV8V CyberCQRT
Peter Brown – Consultant, Independent
Bob Blakley – Director, Security Innovation, Citigroup
Brett McDowell – Senior Manager, Ecosystem Security, PayPal
Jeremy Grant – Senior Executive Advisor, Identity Management, NIST (US Commerce Department)

Key leaders of the Identity Ecosystem Steering Group and the NSTIC National Program Office will discuss their plans and recent efforts to solve the perplexing cyber identity puzzle, including how they are spearheading the launch of an interoperable ID ecosystem that is secure, cost-effective, voluntary and privacy-enhancing and how trusted identity can meet the needs of traditional IT security.

 

Wednesday, February 27, 2013, 11:40-2:00 PM, Room 300

STU-W25B – Studio: Nation-State Attacks on PKI

Speaker:

CASC Member-Phillip Hallam-Baker – Vice President and Principal Scientist, Comodo Group Inc.

The recent Stuxnet, Flame and CA compromises involving Comodo and DigiNotar had three common elements—each was government sponsored, each involved Iran and all three involved a PKI compromise. Find out about this type of attack from someone who has been on the receiving end and how to plan to respond to, mitigate and deter such attacks.

 

Friday, March 1, 2013, 9:00-10:00 AM, Room 304

TECH-F41 – Cracked SSL?

Moderator(s):

CASC Member-Benjamin Wilson – Senior Vice President Industry Relations and General Counsel, DigiCert

Panelist(s):
Bradley Hill – Senior Member of Technical Staff, PayPal, Inc.
CASC Member-Phillip Hallam-Baker – Vice President and Principal Scientist, Comodo Group Inc.
Yngve Pettersen – Software Developer, Security Specialist
Marsh Ray – Senior Software Development Engineer, PhoneFactor

This panel will discuss how to mitigate or prevent active man-in-the-middle attacks that use combinations of social engineering, malware, DNS, and certificate mis-issuance or issuance process compromises involving CAs to compromise SSL sessions on unpatched, misconfigured, or poorly designed systems and trick users into disclosing sensitive information.

 

Check back here next week for RSA updates from CASC members attending the event.

This article was originally published by the "CA Security Council". In 2021 the CASC was restructured and renamed to the "Public Key Infrastructure Consortium", or "PKI Consortium" for short.
