Other Writings And Presentations

Here are some random things I have written in other places, and presentations I’ve given.

Emily Schechter and I gave a talk at Google I/O 2018: Lessons from Spectre and Meltdown, and how the whole web is getting safer. It’s also on YouTube. As a follow-up to this, I and the Chrome Security Team have also written a document about our approach to side-channel attacks.

I helped out a little bit with Felt, et al.’s USENIX 2017 paper “Measuring HTTPS Adoption On The Web” (local copy).

Prefer Secure Origins For Powerful New Features”. If the web is an application platform, code should be signed. Written with much help from my colleagues on the Chrome engineering team. This has since morphed into the W3C Privileged Contexts spec, by Mike West and Yan Zhu.

I proposed that web browsers affirmatively mark non-secure origins as non-secure.

I presented TLS All the Things! — Security With Performance at the Chrome Dev Summit 2014.

With the Chrome Security Team, I help maintain the Chromium Security FAQ.

A review of Distrust That Particular Flavor by William Gibson on io9 (local copy).

Security With HTTPS” on the Google Web Fundamentals site.

How to Deploy HTTPS Correctly”. This has since been ably updated by Yan Zhu and others.

I presented “High Performance, Low Cost, and Strong Security: Pick Any Three” (local copy) at the O’Reilly Web 2.0 Expo 2009 conference.

Secure Session Management With Cookies for Web Applications” (local copy). There’s a few things I’d change, now...