HTTP/2 and Security

Yesterday, I spoke about HTTP/2 and its relation to security jobs at Mind the Sec. Today was the last day of the conference, so now I have some spare time to write this blog post :)

Today was also the day that Bruce Schneier talked about lessons learned from Sony. Although he has spoken about it previously at other conferences, it was a cool experience to see him in person. I also had the privilege to talk to him directly, so I asked, "Is your WiFi still open?" alluding to his blog post in 2008 because it is a very controversial topic. He said "yes." This is interesting because even after all the debate surrounding this issue, the mindset of considering that you're always on a hostile network is worthwhile. I believe in that. Google also believes in that, so they moved their corporate applications to the Internet. I had the pleasure of discussing that with him. Those were the best 2 minutes of the entire conference, hehe, amazing.

Back to the HTTP/2 talk, I presented its inner workings, what changed from HTTP/1.1, and added more information not widely published, such as the reliability mechanism of HTTP/2. I also explained why speed matters, not only from a technical perspective but also from a business perspective to generate more revenue because the user experience will be better. I touched on opportunistic encryption as well, although it's not present in RFC 7540.

The slides are free and available here.