Portuguese English German

HTTP/2 and Security

Yesterday, I spoke about HTTP/2 and its relation to security jobs at Mind the Sec. Today was the last day of the conference, so now I have some spare time to write this blog post :)

Today was also the day that Bruce Schneier talked about lessons learned from Sony. Although he has spoken about it previously at other conferences, it was a cool experience to see him in person. I also had the privilege to talk to him directly, so I asked, "Is your WiFi still open?" alluding to his blog post in 2008 because it is a very controversial topic. He said "yes." This is interesting because even after all the debate surrounding this issue, the mindset of considering that you're always on a hostile network is worthwhile. I believe in that. Google also believes in that, so they moved their corporate applications to the Internet. I had the pleasure of discussing that with him. Those were the best 2 minutes of the entire conference, hehe, amazing.

Back to the HTTP/2 talk, I presented its inner workings, what changed from HTTP/1.1, and added more information not widely published, such as the reliability mechanism of HTTP/2. I also explained why speed matters, not only from a technical perspective but also from a business perspective to generate more revenue because the user experience will be better. I touched on opportunistic encryption as well, although it's not present in RFC 7540.

The slides are free and available here.

Share on Twitter Share on Facebook Share on LinkedIn Share on Hacker News

Popular Posts