Securing the Open-source Future

Cryptography, Trust, and Open-Source with Filippo Valsorda


Throughout this episode, Filippo offers a comprehensive view of his professional journey in the field, from his initial intrigue with cryptographic algorithms during his high school years to his pivotal role in the Go Team at Google. Key discussion points include:




• Key milestones in web cryptography include HTTPS, WebPKI, and the impact of messaging protocols like Signal and WhatsApp on end-to-end encryption.


• Looking to the future, Filippo discusses the importance of transparency mechanisms in cryptography and highlights the need for accountability.


• Filippo advises against rolling one's own crypto but encourages collaboration and learning with experienced individuals to build a feedback loop for secure implementations.


• Filippo shares his thoughts on the current state of Certificate Authorities (CAs).


• Filippo explains the accountability established by transparency in open source and compares it to closed-source software.


• Security patching is addressed, highlighting the need for a balance between stability and urgency when applying patches.


• Filippo explains the potential threats posed by quantum computers and the ongoing efforts to implement post-quantum key exchanges in protocols like SSH and TLS.


• Cryptographic concerns in cloud computing are discussed, focusing on the importance of trust in cloud platforms while acknowledging the shared responsibility model.


• In a practical piece of advice for improving security, Filippo recommends being deliberate in trimming dependency trees to reduce vulnerabilities.