SSL And The Future Of Authenticity
- Type
- Video
- Tags
- SSL
- Authors
- Moxie Marlinspike
- Event
- Black Hat USA 2011
- Indexed on
- Feb 24, 2014
- URL
- https://media.blackhat.com/bh-us-11/Marlinspike/BlackHat-USA-2011-Marlinspike-SSL-Future-Authenticity-SlidesOnly.mov
- File name
- BlackHat-USA-2011-Marlinspike-SSL-Future-Authenticity-SlidesOnly.mov
- File size
- 160.7 MB
- MD5
- d9425a7cb2da5a033f681a1b3bd0e737
- SHA1
- 621bb337df306ea341f1c5ebeb8cf1d4e77afb61
In the early 90's, at the dawn of the World Wide Web, some engineers at Netscape developed a protocol for making secure HTTP requests, and what they came up with was called SSL. Given the relatively scarce body of knowledge concerning secure protocols at the time, as well the intense pressure that everyone at Netscape was working under, their efforts can only be seen as incredibly heroic. But while it's amazing that SSL has endured for as long as it has, some parts of it -- particularly those concerning Certificate Authorities -- have always caused some friction, and have more recently started to cause real problems. This talk will provide an in-depth examination of the current problems with authenticity in SSL, discuss some of the recent high-profile SSL infrastructure attacks in detail, and cover some potential strategies for the future. It will conclude with a software release that aims to definitively fix the disintegrating trust relationships at the core of this fundamental protocol.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
