September 27, 2017

Henrich C. Pöhls: Authenticity for Web Content: Why the web’s transport security era must end?


In communication security one can distinguish between securing the transport (i.e. a TLS tunnel) and securing each message (i.e. encrypted email). Since the web was born as a transport medium, transport-level security is what we see deployed today: TLS tunnels and trusted certificates for servers everywhere. Giving some motivating examples, I illustrate that today's applications on the web are in need of something else. Focussing on web content including text, and in search of broad applicability in the “sharing” web, I will motivate why I only look at authenticity and integrity. I will briefly touch on why I think watermarking and DRM are not working here. In the second half I will talk about possible solutions for web content and possible enforcement mechanisms without the need for DRM. One approach is to use a simple policy and digital signatures, and to reuse existing infrastructures and technologies that have been built to support PKI.