Empowering X.509 Certificate Management with Python
Author(s):
Marlon Dutra
Location
Room 103
Date
Sun Aug 14
Start
13:40
Duration
0:40:00
End
14:20
https://2016.pycon-au.org/schedule/68/view_talk
Description:
Today, more than ever before, security is part of the fabric of the internet, with most websites defaulting to https over the historically used default of unsecured http. Whenever you see a URL starting with https://, your browser is sending the HTTP (or SPDY) traffic through a Transport Layer Security (TLS) tunnel. Part of establishing this secure tunnel involves your browser validating an X.509 certificate provided by the website you're viewing. This allows you to be sure that the server on the other end is who it says it is before you send some potentially sensitive information like your username and password. This is just one example of how these technologies can be used, but there are many more.

In distributed systems that communicate sensitive information, like user data, it is imperative to have a mutual authentication mechanism, where the client is confident it is talking to the right service, as well as the service being confident it is talking to the right client. Beyond strong authentication, it is usually desirable to have some authorization logic, to prevent clients from having unrestricted access to all services. Since any TCP communication can be tunneled through TLS, and TLS supports such mutual authentication through X.509 certificates, they are the perfect set of tools for the job.

The problem to solve then becomes how you manage all of these certificates. Crafting simple certificates with the openssl command line is a bit tricky but doable. However, modern certificates support a variety of advanced features and it is quite complicated to take full advantage of them through the command line, especially in a programmatic way. This is where Python can be a powerful tool. Through the use of certain libraries, you can inject valuable information into your certificates that can be used for many purposes, such as establishing a robust authorization model for a service.

In this session we'll explore some of the ways you can leverage X.509 certificate features to better protect your systems and data. We'll give specific examples of how to use Python for the programmatic management of complex certificates as well as talking about how the largest website on the Internet, Facebook, handles hundreds of thousands of such certificates in its internal infrastructure, using these same approaches. By the end of this talk, you will understand how to craft your own elaborate certificates with Python and how to use them to secure communications between networked services.