Abstract
Outside of browsers, Linux uses of HTTPS do not check certificate revocation. This means applications remain vulnerable to compromised or misissued certificates many months after this is discovered. In contrast, Windows and macOS provide system services that solve this problem.
In this talk, we introduce upki: a new effort to bring browser-grade certificate infrastructure to Linux, starting with reliable, privacy-preserving and efficient certificate revocation. This effort is funded by Canonical, engineered by the maintainers of rustls, and builds on foundational work from Mozilla.
We’ll talk about what is in our first release, and share our plans for the future.
Speaker Bio
Dirkjan Ochtman (@djc)
Dirkjan is a professional Rust maintainer, active on projects like rustls, Hickory DNS and Quinn. He lives in the Netherlands with their family.
Joe Birr-Pixton
I’m Joe, hailing from Cambridge, UK. I’m a security engineer, formerly with Twilio, Electric Imp, BlackBerry, Good Technology, Thales, and nCipher. These days I mostly work in Rust, but my professional experience is in C and C++. I’m the original author of the “rustls” crate, which provides TLS support to most of the Rust ecosystem.