SpideyApp whitepaper (Warren / Crockford / Freitas) - April 2014
Upgrading the Web with Douglas Crockford @ FITC's Web Unleashed 2015
Transcript of Upgrading the Web with Douglas Crockford @ FITC's Web Unleashed 2015
Upgrading the Web
A Prospectus
Apology
The Web
Security
Passwords
RFC 1738 December 1994
// user : password @ host : port / url-path
The use of URLs containing passwords that should be secret is clearly unwise.
What’s wrong with the Web?
What’s wrong with the Web?
Insecure Complex
HTTP
Key : value pairs Negotiation
Request/response protocol
DNS
SSL
Certi cate Authorities
HTML
Templating
Document Object Model
CSS
JavaScript
Many Have Tried
• Microsoft, Apple, Adobe, Oracle, many more. • In most cases, the technology was much better. • In most cases, the solution was not open. • There was no transition.
Upgrade the Web.
Keep the things it does well.
HDTV
Helper App
Transition Plan
• Convince one progressive browser maker to integrate. • Convince one secure site to require its customers to use that browser.
• Risk mitigation will compel the other secure sites. • Competitive pressure will move the other browser makers.
• The world will follow for improved security and faster application development.
• Nothing breaks!
Strong Cryptography
• ECC 521 • AES 256 • SHA 3-256
Zooko’s Triangle
Human Meaningful
Securely Unique
Global: Decentralized
ECC521 public keys as unique identifiers
Secure JSON over TCP
web: publickey @ ipaddress / capability
Trust Management
Petnames
Vat
Cooperation under mutual suspicion.
JavaScript Message
Server Qt
The Old Web: Promiscuity
The New Web: Commitment
There’s nothing new here.
In the meantime, keep doing what you’re doing.
Hope
KEEP CALM
AND
JS ON