Upgrading the WebA Prospectus
Apology
The Web
Security
Passwords
RFC 1738December 1994
// user : password @ host : port / url-pathThe use of URLs containing passwords that should be secret is clearly unwise.
What’s wrong with the Web?
What’s wrong with the Web?
InsecureComplex
HTTP
Key : value pairsNegotiation
Request/response protocol
DNS
SSL
Certicate Authorities
HTML
Templating
Document Object Model
CSS
JavaScript
Many Have Tried•Microsoft, Apple, Adobe, Oracle, many more.• In most cases, the technology was much better.• In most cases, the solution was not open.•There was no transition.
Upgrade the Web.
Keep the things it does well.
HDTV
Helper App
Transition Plan•Convince one progressive browser maker to integrate.•Convince one secure site to require its customers to use that browser.•Risk mitigation will compel the other secure sites.•Competitive pressure will move the other browser makers.• The world will follow for improved security and faster application development.•Nothing breaks!
Strong Cryptography•ECC 521•AES 256•SHA 3-256
Zooko’s Triangle
HumanMeaningful
Securely Unique
Global:Decentralized
ECC521 public keys as unique identifiers
Secure JSON over TCP
web: publickey @ ipaddress / capability
Trust Management
Petnames
Vat
Cooperation under mutual suspicion.
JavaScript
Message Server
Qt
The Old Web: Promiscuity
The New Web: Commitment
There’s nothing new here.
In the meantime,keep doing what you’re doing.
Hope
KEEPCALM
AND
JSON