Disclaimer

The content of this blog is my personal opinion only. Although I am an employee - currently of Nvidia, in the past of other companies such as Iagination Technologies, MIPS, Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Friday, June 23, 2017

ISCA 2017: " Ignore the warnings about the certificate."

ISCA 2017: " Ignore the warnings about the certificate."
It seems wrong that the webpage for ISCA, the International Symposium on Computer Architecture, which has two sessions on security and also includes a workshop on Hardware and Architectural Support for Security and Privacy, cannot do certificate based security properly.



I haven't looked at the certs, but I understand why: creating a cert for a subdomain which such a relatively short active life is a pain. Yes, even with the EFFs free certs.  (Note that conference websites often survive years, sometimes decades - but nobody gets credit for securing such a site after the conference ends. (Hmm, maybe bad guys who want to attack the sorts of people who go to such conferences should make such stale sites infectious.) )



Still: computer architects  should know enough to get valid certs.



And I wish that the world was more comfortable in allowing domain owners to issue signing certs fir subdomains, and so on.

No comments: