"Emerging Open Standards for Cryptography: Web Crypto, FIDO Authentication, and Beyond"

10/12/2015 - 10:25 - 11/12/2015 - 10:25

For decades, the Web did not support fundamental cryptography primitives for applications, and user authentication has been limited to user-name passwords. Due to the work of the W3C Web Cryptography Working Group this year and new efforts around Web Authentication next year, the Web has begun evolving to a more secure platform for application development. The Web Cryptography API provides a standardized  Javascript API currently supported across browsers that supports fundamental primitives ranging from PNRG access to key derivation functions. The proposed FIDO 2.0 standard to replace passwords with one-factor cryptographic authentication has already gained widespread industry support from Google and Microsoft, and should be an open standard next year. We'll overview how these new Web-level standards interact with the larger standards-based eco-system, including new developments on the TLS level at the IETF, re-visiting the debates over recommended NIST curves in CFRG, and work in encrypted and privacy-preserving messaging standards.