SMIMP, Email, Superglue
A discussion on the state of email security, and options for a path forward.
Email security today...
The Email Failfest
● Assumes network is trusted
● Assumes servers are trusted
● Assumes the sender is who they claim
● Doesn't prevent content modification
● Doesn't protect content
Torch it, or keep trying to fix it?
Keep:
● Massive user base
● Deeply entrenched
● Universal support
Torch:
● Do it right
● Strong crypto
● Better privacy
SMIMP: A Micro Introduction
● End-to-end Crypto (curve25519)
● Forward secrecy (loosely based on TextSecure)
● Integrated public key discovery
● Hash-chain to detect profile alteration
● Dynamic Hashcash-like proof of work
● Transported over HTTPS (firewall friendly, harder to block or inspect)
The Two Sides of SMIMP
Identity
● Name
● Public Ed25519 key
● Web site
● Social profiles
Messaging
● Multiple message types
● Whitelist / blacklist / anti-spam
● Simple JSON format
What's the status today?
● Spec work still ongoing
● No code written
● Needs more feedback
Thanks!
smimp.org
github.com/smimp/smimp_spec
adam@adamcaudill.com
@adamcaudill

SMIMP Lightning Talk - DEFCON CryptoVillage
