Upgrading the Web with Douglas Crockford @ FITC's Web Unleashed 2015

Post on 11-Apr-2017



Upgrading the Web

A Prospectus

Apology

The Web

Security

Passwords

RFC 1738 December 1994

//<user>:<password>@<host>:<port>/<url-path>

The use of URLs containing passwords that should be secret is clearly unwise.

What’s wrong with the Web?


Insecure

Complex

HTTP

Key : value pairs

Negotiation

Request/response protocol

DNS

SSL

Certificate Authorities

HTML

Templating

Document Object Model

CSS

JavaScript

Many Have Tried

• Microsoft, Apple, Adobe, Oracle, many more.
• In most cases, the technology was much better.
• In most cases, the solution was not open.
• There was no transition.

Upgrade the Web.

Keep the things it does well.

HDTV

Helper App

Transition Plan

• Convince one progressive browser maker to integrate.
• Convince one secure site to require its customers to use that browser.
• Risk mitigation will compel the other secure sites.
• Competitive pressure will move the other browser makers.
• The world will follow for improved security and faster application development.
• Nothing breaks!

Strong Cryptography

• ECC 521
• AES 256
• SHA 3-256

Zooko’s Triangle

Human Meaningful

Securely Unique

Global: Decentralized

ECC521 public keys as unique identifiers

Secure JSON over TCP

web: publickey @ ipaddress / capability

Trust Management

Petnames

Vat

Cooperation under mutual suspicion.

JavaScript Message

Server Qt

The Old Web: Promiscuity

The New Web: Commitment

There’s nothing new here.

In the meantime, keep doing what you’re doing.

Hope

KEEP CALM AND JS ON