2025-08-09 –, Brachium
Language: English
Let's talk to people about negotiating consent before engaging in personal and physical interactions. Your browser does it with every web server, so why shouldn't you do the same with people? This sounds harder than it actually is. Using the HTTP protocol as a guide this I will talk you through how you could negotiate consent to engage with someone on a variety of levels: From 'GET Hug' all the way to 200 OK, but also how to deal with a 404 Consent not found response.
Consent is hot. Consent is good. Consent should be explicitly communicated. This sounds harder than it actually is. In this talk I will present on how to conduct consent negotiations for various levels of interpersonal contact. As illustration I will use the HTTP protocol guide the you through the consent negotiations for an encounter.
Don't worry if you're unfamiliar with the HTTP protocol, I'll be sure that it all will be easy to understand including for those that don't dabble in raw HTTP traffic on a daily basis.
After the initial SYN-ACK from the TCP handshake we will get on with the initial HTTP Verbs such as GET and OPTIONS to initiate a consent negotiation and going through various permutations and outcomes. It will include simple Happy Flows, but also more complicated redirects, errors and how to gracefully deal with an unhappy flow if the response returned is not a 200 OK with a body that you hoped for.
I'm the one that often yaps about threat modeling and musicals, sometimes combined in the same talk. You might have seen my previous talks at WICCON, HackerHotel or PancakesCon. I move in social circles where consent negotiations for interpersonal connections are a common, even between long-time partners, some of the lessons I've learned there I want to share with the hacker community.
Because mortgages need to be paid and theatre tickets don't buy themselves I have a day job as security consultant doing DevSecOps, threat modeling, and GRC things. Which means as much as that I read and write slidedecks, click on links in e-mails, and happily take on the role of corporate jester for money. At WHY2025 I'm the lead of Team:Cohesion and heavily involved with all things Code of Conduct and consent. You can also find me in the WICCA&WICCON orga.