diff --git a/content/schedule/_index.html b/content/schedule/_index.html index e146ce1..8c75c08 100644 --- a/content/schedule/_index.html +++ b/content/schedule/_index.html @@ -15,14 +15,14 @@
- Wednesday, October 9 + Wednesday, October 9
Thursday, October 10
- Friday, October 11 + Friday, October 11
-{{< summit-list-talks "schedule" "2024-10-11" >}} +{{< summit-list-talks "schedule" "2024-10-09" >}} diff --git a/content/schedule/chrome.md b/content/schedule/chrome.md index 7b2e093..c4af05e 100644 --- a/content/schedule/chrome.md +++ b/content/schedule/chrome.md @@ -15,6 +15,9 @@ speakerTitle: Lessons learned from CT: scaling an ecosystem beyond a single log +* [Speaker Slides]({{< rel "/pdfs/summit2024/Scaling transparency ecosystems_ Lessons learned from CT.pdf" >}}) +* [Talk Recording](https://youtu.be/59PU99hQfro?si=VKLsIo6etIIH2vri) + --- ### Speaker diff --git a/content/schedule/closing.md b/content/schedule/closing.md index aca97ab..ab066b5 100644 --- a/content/schedule/closing.md +++ b/content/schedule/closing.md @@ -14,6 +14,6 @@ speakerTitle: Closing out the talk portion of the event we will have a fun closing quiz and some awards. -More details to come. +* [Talk Recording](https://youtu.be/lHfLMiiwsHA?si=Xr8aGOroSlS0DX0a) \ No newline at end of file diff --git a/content/schedule/depsdev.md b/content/schedule/depsdev.md index 592ce5f..14a653a 100644 --- a/content/schedule/depsdev.md +++ b/content/schedule/depsdev.md @@ -14,6 +14,8 @@ speakerTitle: Software Engineer, Google What metrics, APIs and indexes on Certificate Transparency data would be useful to you? New to the CT ecosystem, [deps.dev](https://deps.dev/) is excited to be working with Certificate Transparency data and wants to hear from you. Hear about the insights [deps.dev](https://deps.dev/) has provided on open source packages, and hear about potential insights that [deps.dev](https://deps.dev/) could provide into Certificate Transparency data. +* [Talk Recording](https://youtu.be/vd1uaLH3V5Q?si=QbdVvFUXZeXKzfAO) + --- ### Speaker diff --git a/content/schedule/healthcare.md b/content/schedule/healthcare.md index 20369fa..147d9b1 100644 --- a/content/schedule/healthcare.md +++ b/content/schedule/healthcare.md @@ -12,11 +12,6 @@ speakerTitle: Projects by IF
- ---- - -### Speaker - - +* [Talk Recording](https://youtu.be/Rj8l6Fd_iBg?si=CdCsqGpREbGX8pTU)
\ No newline at end of file diff --git a/content/schedule/keynote.md b/content/schedule/keynote.md index 2b66d6d..7056862 100644 --- a/content/schedule/keynote.md +++ b/content/schedule/keynote.md @@ -11,7 +11,12 @@ speaker: Al Cutter ---
-The opening keynote kicking off the event will be delivered by recent Levchin prize winner Al Cutter. +The opening keynote kicking off the event will be delivered by recent Levchin prize winner Al Cutter. + +* [Speaker Slides]({{< rel "/pdfs/summit2024/tdev2024_ Opener.pdf">}}) +* [Talk Recording](https://youtu.be/IJfgKh3gwOQ?si=hjTwg4SOj9z2pilS) + +---
diff --git a/content/schedule/kt-proton.md b/content/schedule/kt-proton.md index 5a53f6a..d89895f 100644 --- a/content/schedule/kt-proton.md +++ b/content/schedule/kt-proton.md @@ -14,6 +14,9 @@ speakerTitle: Proton What are the challenges faced implementing key transparency for email? This talk looks at how Proton has approached implementing key transparency. +* [Speaker Slides]({{< rel "/pdfs/summit2024/Key Transparency Proton.pdf" >}}) +* [Talk Recording](https://youtu.be/shUwnSFtP8g?si=Nf1hOIZhOrF-8hT9) + --- ### Speaker diff --git a/content/schedule/letsencrypt.md b/content/schedule/letsencrypt.md index 6673562..34364b9 100644 --- a/content/schedule/letsencrypt.md +++ b/content/schedule/letsencrypt.md @@ -14,6 +14,9 @@ speakerTitle: SRE Tech Lead Let's Encrypt operates one of the largest Certificate Authorities, along with Certificate Transparency logs. This talk discusses our experiences both as a submitter to CT as well as a log operator. We are excited about the new Sunlight log implementation, and will cover why we think Sunlight will be a good fit for us and for the larger CT ecosystem. +* [Speaker Slides]({{< rel "/pdfs/summit2024/Let's Encrypt CT @ Transparency Dev.pdf" >}}) +* [Talk Recording](https://youtu.be/QZnz8pvsN_w?si=kZsrAYNHzenzKGVK) + --- ### Speaker diff --git a/content/schedule/lightning-talk-ctkt.md b/content/schedule/lightning-talk-ctkt.md index 3abdb06..3a02751 100644 --- a/content/schedule/lightning-talk-ctkt.md +++ b/content/schedule/lightning-talk-ctkt.md @@ -15,6 +15,9 @@ speakerTitle: Senior Staff Cryptography Engineer, Mozilla Append-only ledgers like Certificate Transparency logs are simple, elegant and the bedrock of most modern transparency systems. Key Transparency systems are comparatively complex, but achieve much stronger privacy and transparency properties and have in recent years proven they can be successfully deployed at a global scale. This talk will consider systems that fall into the middle ground between these two approaches and ask whether they offer an interesting path forward for real world applications like the WebPKI. +* [Speaker Slides]({{< rel "/pdfs/summit2024/The Design Space between CT and KT.pdf">}}) +* [Talk Recording](https://youtu.be/FRyNAer9SD8?si=IplimUj-UoNRraCN) + --- ### Speaker diff --git a/content/schedule/lightning-talk-digital-id.md b/content/schedule/lightning-talk-digital-id.md index 020580e..c6ed1a4 100644 --- a/content/schedule/lightning-talk-digital-id.md +++ b/content/schedule/lightning-talk-digital-id.md @@ -14,6 +14,8 @@ speakerTitle: IT Security Researcher at the Austrian Secure Information Technolo In this lightning talk, we will explore the critical role of transparency logs in establishing trust and security within digital identity ecosystems. Transparency logs provide a robust mechanism for creating an auditable, tamper-proof record of credential lifecycle events, including issuance, presentations, and revocations. To implement these logs effectively, it is essential to utilize privacy-preserving cryptographic techniques, alongside scalable log structures and proof systems that can meet the requirements of large-scale digital identity solutions. We will examine how transparency logs can be applied to verifiable credential management systems, fostering accountability for issuers and verifiers while instilling confidence in users. +* [Talk Recording](https://youtu.be/6cNQTMQ5Qgg?si=uI2DGrwpjogCRzoE) + --- ### Speaker diff --git a/content/schedule/lightning-talks-day1.md b/content/schedule/lightning-talks-day1.md index 0e92b67..6266909 100644 --- a/content/schedule/lightning-talks-day1.md +++ b/content/schedule/lightning-talks-day1.md @@ -14,6 +14,8 @@ speakerTitle: Transparency approaches have extremely wide applicability throughout the technology and information landscape. Different use cases have different functional and non-functional requirements which suggest the need for a diverse – but not too diverse – transparency ecosystem to enable broad, practical adoption. This lightning talk aims to stimulate conversation and highlight opportunities for advancement of transparency technology through interoperable data structures, standards, open source code, and group cooperation. +* [Talk Recording](https://youtu.be/x2qvdXjSKPE?si=4-yJc1nKMHIpV3tS) + --- ### Speaker diff --git a/content/schedule/lightning-talks-day3.md b/content/schedule/lightning-talks-day3.md index 1d20a26..b6f89ed 100644 --- a/content/schedule/lightning-talks-day3.md +++ b/content/schedule/lightning-talks-day3.md @@ -13,12 +13,24 @@ speakerTitle:
Lightning Talks Schedule: - * Verifiable runtime transparency - Fredrik Strömberg - * Open Source Project Veraison - Yogesh Deshpande - * Auditing key transparency and making it public - Thibault Meunier - * The challenge of adopting post quantum cryptography - Bas Westerbaan - * Taking the pain a way with linear logs: its just an array! - Robin Bryce - * Running a Witness on Tkey? - Niels Möller - * Silent CT Monitoring - Rasmus Dahlberg +* Verifiable runtime transparency - Fredrik Strömberg + * [Speaker Slides]({{< rel "/pdfs/summit2024/RuntimeTransparency.pdf">}}) + * [Talk Recording](https://youtu.be/Lo0gxBWwwQE?si=CdHxFFnr3o6nNJJR) +* Open Source Project Veraison - Yogesh Deshpande + * [Speaker Slides]({{< rel "/pdfs/summit2024/LightningTalk-ProjectVeraison.pdf">}}) + * [Talk Recording](https://youtu.be/JqUXogjONqw?si=IbymQwimMTsaoOvu) +* Auditing key transparency and making it public - Thibault Meunier + * [Speaker Slides]({{< rel "/pdfs/summit2024/Auditing key transparency.pdf">}}) + * [Talk Recording](https://youtu.be/XI3vfuaQuqE?si=jSwbWYwP23fT6MLY) +* The challenge of adopting post quantum cryptography - Bas Westerbaan + * [Speaker Slides]({{< rel "/pdfs/summit2024/Post quantum off the cuff.pdf">}}) + * [Talk Recording](https://youtu.be/s0HQCx4wy44?si=wzj688mcaL8m4PTX) +* Taking the pain a way with linear logs: its just an array! - Robin Bryce + * [Talk Recording](https://youtu.be/pfMVQBUZfbQ?si=xNt2zuIpZljwgVRK) +* Running a Witness on Tkey? - Niels Möller + * [Talk Recording](https://youtu.be/fY_v7yNrl2A?si=YjKtPJGlXlph9qeL) +* Silent CT Monitoring - Rasmus Dahlberg + * + * [Talk Recording](https://youtu.be/ca-qnXIo-2Y?si=kbglW1WV16AibCit)
\ No newline at end of file diff --git a/content/schedule/logingestion.md b/content/schedule/logingestion.md index 72f5a2e..ef5e3c3 100644 --- a/content/schedule/logingestion.md +++ b/content/schedule/logingestion.md @@ -14,6 +14,8 @@ speakerTitle: Software Engineer, Google This lightning talk explores the CT Logs Ingestion journey from RFC6962 to Static CT API. Curious about the real-world implementation story and lesson learnt? Join me in this talk to embrace the Static CT API logs. +* [Talk Recording](https://youtu.be/HmHJiNoTh9I?si=Zz9CMapSceA2gccc) + --- ### Speaker diff --git a/content/schedule/pypi.md b/content/schedule/pypi.md index 2b3fecd..2b0404b 100644 --- a/content/schedule/pypi.md +++ b/content/schedule/pypi.md @@ -15,6 +15,9 @@ speakerTitle: Over the past year, PyPI (the default package index for the Python ecosystem) has moved rapidly to adopt digital attestations, building atop the foundations offered by the Sigstore project and previous initiatives like Trusted Publishing. This work has left PyPI itself in a stronger position than ever before, but has not yet meaningfully diminished the amount of trust required by package consumers in PyPI. This talk attempts to tackle the latter: it imagines a hypothetical “zero-trust” future for PyPI, and asks which technologies (whether currently practical and not) could get us to that future. +* [Speaker slides](https://yossarian.net/res/pub/transparency-2024.pdf) +* [Talk Recording](https://youtu.be/ZVC9dwmqX2s?si=8xc_EfYbEqbHOc2a) + --- ### Speaker diff --git a/content/schedule/sct-auditing.md b/content/schedule/sct-auditing.md index ac06633..cf52682 100644 --- a/content/schedule/sct-auditing.md +++ b/content/schedule/sct-auditing.md @@ -15,6 +15,9 @@ speakerTitle: Cloudflare A Signed Certificate Timestamp (SCT) is a promise that a Certificate Transparency (CT) log will eventually incorporate a certificate into its public log. This inclusion allows users to account for issued certificates and detect misissued certificates. By default, clients do not check if the log fulfilled the promise given with the SCT, as requesting a proof of inclusion from the log leaks the browsing history to the log. If an SCT is not checked, a sophisticated attacker could serve a bogus certificate that compromises privacy. There are numerous proposals for privacy-preserving SCT auditing, including foregoing the current architecture and switching to a new certificate system. In this talk we start by giving an update on current deployments and recent developments in SCT auditing proposals. We will follow by covering how SCT auditing could be deployed wider, auditing (almost) all connections either via cryptographic or non-cryptographic strategies. We then discuss a potential scenario where Merkle Tree Certificates (MTC) or a similar system is deployed, which would significantly reduce the number of SCTs that need to be audited: By using MTC, an outdated device may need to fall back to a different certificate system, e.g. X.509, we discuss several scenarios for the fallbacks and their estimated probabilities. We revisit SCT auditing strategies given that our estimates show that less than 0.1% of the connections will require an audit. +* [Speaker Slides]({{< rel "/pdfs/summit2024/heimberger-sct.pdf" >}}) +* [Talk Recording](https://youtu.be/f8unMB2Qjho?si=72ClhykaYDHf0sND) + --- ### Speaker diff --git a/content/schedule/sigstore.md b/content/schedule/sigstore.md index 84f3406..ed76cb5 100644 --- a/content/schedule/sigstore.md +++ b/content/schedule/sigstore.md @@ -14,6 +14,9 @@ speakerTitle: Tech Lead Manager at Google, OSS Supply Chain Security This talk explores the motivations behind signature transparency, the role of transparency in Sigstore identities, and the ongoing improvements we're making to enhance Sigstore's transparency adoption. +* [Speaker Slides]({{< rel "/pdfs/summit2024/Nowhere to Hide - Sigstore.pdf">}}) +* [Talk Recording](https://youtu.be/au_nkj0iBj8?si=YSo9C2hFSZyrlnz_) + --- ### Speaker diff --git a/content/schedule/sigsum.md b/content/schedule/sigsum.md index e9b86ee..2f320d2 100644 --- a/content/schedule/sigsum.md +++ b/content/schedule/sigsum.md @@ -17,7 +17,8 @@ makes a signer's key-usage transparent. This talk introduces the design, which can be used as a building block to transparently publish executable binaries, reproducibility statements, KT tree heads, configuration files, and much more. -**Speaker slides:** [What is Sigsum and how can I use it for my application?](https://git.glasklar.is/rgdd/tdev-summit-24/-/blob/main/slides.pdf) +* [Speaker slides](https://git.glasklar.is/rgdd/tdev-summit-24/-/blob/main/slides.pdf) +* [Talk Recording](https://youtu.be/Mp23yQxYm2c?si=hhkYjqvWBOgzCDyV) --- diff --git a/content/schedule/talk10.md b/content/schedule/talk10.md index e4e673c..de80e71 100644 --- a/content/schedule/talk10.md +++ b/content/schedule/talk10.md @@ -13,6 +13,9 @@ speakerTitle: Research Engineer, Taurus
Highly sensitive code managing crypto secrets needs to run in secure environments, often very constrained in capacity. Given these constraints, I will explain how we managed to fit as much logic as possible, as close to the secrets as possible, while also addressing the roles that transparency and verifiability play in ensuring security and trust. + +* [Talk Recording](https://youtu.be/qShvsLhSjgs?si=PY5G6Cg65lQVLD5T) + --- ### Speaker diff --git a/content/schedule/talk12.md b/content/schedule/talk12.md index 54e8275..aa7d117 100644 --- a/content/schedule/talk12.md +++ b/content/schedule/talk12.md @@ -16,6 +16,9 @@ How do I know where my machine learning model came from, and how can I prove it? We present an open-source specification and implementation to cryptographically sign an arbitrary collection of files which comprise an ML model, to create a mechanism to verify the integrity of a machine learning model to ensure trust between the model producer and end-user. By implementing model signing, we are paving the way for model transparency which helps strengthen the AI supply chain. With this, one could see who has trained the model, what training framework has been used, what datasets were used, and much other useful information. +* [Speaker Slides]({{< rel "/pdfs/summit2024/ML Model Signing.pdf">}}) +* [Talk Recording](https://youtu.be/QHOzEkw_9d4?si=Sc0p3IL6Uty861C2) + --- ### Speaker diff --git a/content/schedule/tesseratalk.md b/content/schedule/tesseratalk.md index 7101d0d..a9f36f5 100644 --- a/content/schedule/tesseratalk.md +++ b/content/schedule/tesseratalk.md @@ -15,6 +15,9 @@ speakerTitle: Introducing Trillian Tessera, next-generation tile-based transparency logs +* [Speaker Slides]({{< rel "/pdfs/summit2024/tdev2024_ Tessera.pdf">}}) +* [Talk Recording](https://youtu.be/9j_8FbQ9qSc?si=Fh619Ad_n6j4sClF) + --- ### Speakers diff --git a/content/schedule/witness.md b/content/schedule/witness.md index cdf2c63..51d5ec4 100644 --- a/content/schedule/witness.md +++ b/content/schedule/witness.md @@ -14,10 +14,14 @@ speakerTitle: In this focused session, "From Witnessing to Transparent Ecosystems," we will explore the journey from the foundational concept of "witnessing" to the realization of fully transparent, end-to-end ecosystems. Our four talks are structured to interlock seamlessly, providing a holistic view of Witnessing and its broader impact. - * Witnessing & ArmoredWitness overview - Martin Hutchinson - * Using TamaGo to build the ArmoredWitness - Andrea Barisani - * Firmware Transparency for the ArmoredWitness - Al Cutter - * End-to-end transparency from logging to monitoring - Filippo Valsorda +* Witnessing & ArmoredWitness overview - Martin Hutchinson +* Using TamaGo to build the ArmoredWitness - Andrea Barisani +* Firmware Transparency for the ArmoredWitness - Al Cutter +* End-to-end transparency from logging to monitoring - Filippo Valsorda + + * [Speaker Slides]({{< rel "/pdfs/summit2024/tdev2024_ ArmoredWitness.pdf">}}) + * [Talk Recording Part 1](https://youtu.be/v9cgvZXRRZU?si=IViyJo-1LupkqMSd) + * [Talk Recording Part 2](https://youtu.be/uZXESulUuKA?si=YdJ4n_I8aE-tJ8K_) --- diff --git a/static/pdfs/summit2024/Auditing key transparency.pdf b/static/pdfs/summit2024/Auditing key transparency.pdf new file mode 100644 index 0000000..8c2931f Binary files /dev/null and b/static/pdfs/summit2024/Auditing key transparency.pdf differ diff --git a/static/pdfs/summit2024/Key Transparency Proton.pdf b/static/pdfs/summit2024/Key Transparency Proton.pdf new file mode 100644 index 0000000..4245e09 Binary files /dev/null and b/static/pdfs/summit2024/Key Transparency Proton.pdf differ diff --git a/static/pdfs/summit2024/Let's Encrypt CT @ Transparency Dev.pdf b/static/pdfs/summit2024/Let's Encrypt CT @ Transparency Dev.pdf new file mode 100644 index 0000000..92aec6b Binary files /dev/null and b/static/pdfs/summit2024/Let's Encrypt CT @ Transparency Dev.pdf differ diff --git a/static/pdfs/summit2024/LightningTalk-ProjectVeraison.pdf b/static/pdfs/summit2024/LightningTalk-ProjectVeraison.pdf new file mode 100644 index 0000000..3194e66 Binary files /dev/null and b/static/pdfs/summit2024/LightningTalk-ProjectVeraison.pdf differ diff --git a/static/pdfs/summit2024/ML Model Signing.pdf b/static/pdfs/summit2024/ML Model Signing.pdf new file mode 100644 index 0000000..76a54c6 Binary files /dev/null and b/static/pdfs/summit2024/ML Model Signing.pdf differ diff --git a/static/pdfs/summit2024/Nowhere to Hide - Sigstore.pdf b/static/pdfs/summit2024/Nowhere to Hide - Sigstore.pdf new file mode 100644 index 0000000..d53dd39 Binary files /dev/null and b/static/pdfs/summit2024/Nowhere to Hide - Sigstore.pdf differ diff --git a/static/pdfs/summit2024/Post quantum off the cuff.pdf b/static/pdfs/summit2024/Post quantum off the cuff.pdf new file mode 100644 index 0000000..053d632 Binary files /dev/null and b/static/pdfs/summit2024/Post quantum off the cuff.pdf differ diff --git a/static/pdfs/summit2024/RuntimeTransparency.pdf b/static/pdfs/summit2024/RuntimeTransparency.pdf new file mode 100644 index 0000000..9ab5334 Binary files /dev/null and b/static/pdfs/summit2024/RuntimeTransparency.pdf differ diff --git a/static/pdfs/summit2024/Scaling transparency ecosystems_ Lessons learned from CT.pdf b/static/pdfs/summit2024/Scaling transparency ecosystems_ Lessons learned from CT.pdf new file mode 100644 index 0000000..2da6c68 Binary files /dev/null and b/static/pdfs/summit2024/Scaling transparency ecosystems_ Lessons learned from CT.pdf differ diff --git a/static/pdfs/summit2024/The Design Space between CT and KT.pdf b/static/pdfs/summit2024/The Design Space between CT and KT.pdf new file mode 100644 index 0000000..0fa433b Binary files /dev/null and b/static/pdfs/summit2024/The Design Space between CT and KT.pdf differ diff --git a/static/pdfs/summit2024/heimberger-sct.pdf b/static/pdfs/summit2024/heimberger-sct.pdf new file mode 100644 index 0000000..c0749a4 Binary files /dev/null and b/static/pdfs/summit2024/heimberger-sct.pdf differ diff --git a/static/pdfs/summit2024/tdev2024_ ArmoredWitness.pdf b/static/pdfs/summit2024/tdev2024_ ArmoredWitness.pdf new file mode 100644 index 0000000..818f188 Binary files /dev/null and b/static/pdfs/summit2024/tdev2024_ ArmoredWitness.pdf differ diff --git a/static/pdfs/summit2024/tdev2024_ Opener.pdf b/static/pdfs/summit2024/tdev2024_ Opener.pdf new file mode 100644 index 0000000..f79a264 Binary files /dev/null and b/static/pdfs/summit2024/tdev2024_ Opener.pdf differ diff --git a/static/pdfs/summit2024/tdev2024_ Tessera.pdf b/static/pdfs/summit2024/tdev2024_ Tessera.pdf new file mode 100644 index 0000000..4fd93d6 Binary files /dev/null and b/static/pdfs/summit2024/tdev2024_ Tessera.pdf differ