Other Writing

Here are some random things I have written in other places. These are in no particular order, which I suppose I should try to fix at some point.

Emily Schechter and I gave a talk at Google I/O 2018: Lessons from Spectre and Meltdown, and how the whole web is getting safer. It’s also on YouTube. As a follow-up to this, I and the Chrome Security Team have also written a document about our approach to side-channel attacks.

I helped out a little bit with Felt, et al.’s USENIX 2017 paper “Measuring HTTPS Adoption On The Web” (local copy).

A review of Distrust That Particular Flavor by William Gibson on io9 (local copy).

Secure Session Management With Cookies for Web Applications” (local copy). There’s a few things I’d change, now...

How to Deploy HTTPS Correctly”. This has since been ably updated by Yan Zhu and others.

Prefer Secure Origins For Powerful New Features”. If the web is an application platform, code should be signed. Written with much help from my colleagues on the Chrome engineering team. This has since morphed into the W3C Privileged Contexts spec, by Mike West and Yan Zhu.

With the Chrome Security Team, I help maintain the Chromium Security FAQ.

I proposed that web browsers affirmatively mark non-secure origins as non-secure.

I presented TLS All the Things! — Security With Performance at the Chrome Dev Summit 2014.

Security With HTTPS” on the Google Web Fundamentals site.

I presented “High Performance, Low Cost, and Strong Security: Pick Any Three” (local copy) at the O’Reilly Web 2.0 Expo 2009 conference.