In the beginning, the web platform allowed websites to navigate to, submit forms to, and load resources, such as images or scripts, from any other website. For example, in the original design of the web, website1.test could load and display an image from website2.test. The image load could even be authenticated via, for example, cookies. website1.test would not, however, be able to directly read the response.| Emily M. Stark
This blog post is an expanded version of a Twitter thread I posted several years ago about why every website should use HTTPS. Twitter seems less… readily citable these days, so I thought it would be good to have a blog post version of it.| Emily M. Stark
In my last blog post, I discussed why people often view the web as a uniquely unsuited platform for implementing end-to-end encryption (E2EE). This view is that the web doesn’t offer a long-term trustable notion of what the application is. In that earlier post, I explored the idea of treating the application as untrustworthy and isolating sensitive data from it. In this post, I’m going to pontificate on whether web applications are truly less trustworthy than native applications, especial...| Emily M. Stark
With the publication of Messaging Layer Security (MLS) as an RFC, I’ve been pulled into some recent discussion about bringing end-to-end encryption (E2EE) to the web. This is a topic that comes up every so often and has weirdly haunted me throughout my career. (I spent my undergrad and graduate research years working on cryptography implementations in JavaScript and how to use them in applications.)| Emily M. Stark
After several years of serving on program committees at computer security conferences, I recently decided to take a hiatus. The time commitment became overwhelming, but overall I consider serving on PCs a worthwhile experience and hope to eventually get back in the game after taking a break. If you’re considering donating time to review papers, I’ll mention a few things that I find worthwhile about the experience:| Emily M. Stark
Today I’m going to continue a series of blog posts called “Deep dives into topics recently written about by people named Eric.” Last time it was Eric Lawrence, and today our jumping-off point will be Eric Rescorla’s blog.| Emily M. Stark
Every once in a while, I encounter some variation of the following question: how can a TLS certificate go from perfectly acceptable one day to completely insecure the next? In other words, why does the browser show a scary full-page warning for a certificate that expired one day, or even one hour, ago – the same as a certificate that is self-signed, chains to an unknown root, or presents the wrong name? The premise behind these questions is that an expired certificate (especially one that i...| Emily M. Stark
I’ve noticed that there’s a common misconception that Certificate Transparency is a replacement for HTTP public key pinning. If those words make no sense to you: HTTP public key pinning was a now-mostly-defunct mechanism whereby websites could “pin” themselves to a set of public keys, so that browsers would not accept a certificate for that website’s hostname unless one of those pinned public keys appeared in its certificate chain. Certificate Transparency is a system whereby certif...| Emily M. Stark
In recent years, setting up a public HTTPS website has gotten easier and easier, thanks to widespread automated certificate management, free certificates, inexpensive CDN support, and other developments. However, for the most part, these advancements – and the web PKI in general – are designed for publicly accessible websites. That is, a website with a publicly resolvable domain name can undergo domain name validation to get an HTTPS certificate. You can also get an HTTPS certificate for ...| Emily M. Stark
The line of death, as Eric Lawrence explained in a classic blog post, is the idea that an application should separate trustworthy UI from untrusted content. The typical example is in a web browser, where untrustworthy web content appears below the browser toolbar UI. Trustworthy content provided by the web browser must appear either in the browser toolbar, or anchored to it or overlapping it. If this separation is maintained, then untrusted content can’t spoof the trustworthy browser UI to ...| Emily M. Stark