Last week we had the third Security Engineering University Relationship Framework (SURF) summit in Vienna. The last SURF summit I attended was the first one in London 2018.

This time we had four talks by Mozillians, three invited talks, as well as eight lightning talks. I live-tweeted a little during the event if you like slides on photos.

Christoph talked about how to harden the content security landscape of Firefox and posed the question how we could do some of that on the web. The web PKI with all its problems was the topic of Thyla’s talk, with a focus on CRLite. There’s also a blog post on the Mozilla security blog on this with more details and links.

One prominent topic at this SURF summit was how to preserve privacy online and counter tracking. Natliia gave an invited talk on detecting trackers missed by filter lists and browser extensions, Steven talked about challenges in building a private web and Gunes about dark patterns and how to find them on the web.

On the crypto side we had Kenny talk about API design of crypto primitves and primality testing. Details can be found in the well titled papers safety in numbers and prime and prejudice. I talked about Post Quantum Crypto and Mozilla calling on more experiments with post quantum crypto beyond TLS key exchange.

We closed the summit with a panel discussion on the gap between theory and practice.