The Web PKI in Practice and Malpractice

09.09.2016, 10:00 – 11:30

Speaker: Bruce Maggs | Location: Rundeturmstraße 10 (S3|20), Room 18, Darmstadt

Organizer: MAKI


This talk delves into the way that the Web's Public-Key Infrastructure is administered and implemented in practice, with a focus on three topics: (1) the support (or lack thereof) for certificate revocation, (2) the sharing of private keys, and (3) the use of invalid certificates. For each of these topics the speaker will present a surprising empirical fact about the Web PKI in practice, which may cause listeners to reevaluate their trust in Web security. The talk will explain the rationale behind current practices and explore ways to improve them.

Short Bio

Bruce Maggs received the S.B., S.M., and Ph.D. degrees in computer science from the Massachusetts Institute of Technology in 1985, 1986, and 1989, respectively. His advisor was Charles Leiserson. After spending one year as a Postdoctoral Associate at MIT, he worked as a Research Scientist at NEC Research Institute in Princeton from 1990 to 1993. In 1994, he moved to Carnegie Mellon, where he stayed until joining Duke University in 2009 as a Professor in the Department of Computer Science. While on a two-year leave-of-absence from Carnegie Mellon, Maggs helped to launch Akamai Technologies, serving as its Vice President for Research and Development, before returning to Carnegie Mellon. He retains a part-time role at Akamai as Vice President for Research.

Maggs's research focuses on networks for parallel and distributed computing systems. In 1986, he became the first winner (with Charles Leiserson) of the Daniel L. Slotnick Award for Most Original Paper at the International Conference on Parallel Processing, and in 1994 he received an NSF National Young Investigator Award. He was co-chair of the 1993-1994 DIMACS Special Year on Massively Parallel Computation and has served on the steering committees for the ACM Symposium on Parallel Algorithms and Architectures (SPAA) and ACM Internet Measurement Conference (IMC), and on the program committees of numerous ACM conferences including STOC, SODA, PODC, and SIGCOMM.