SSL And The Future Of Authenticity

DEF CON 19

Presented by: Moxie Marlinspike
Date: Friday August 05, 2011
Time: 12:00 - 12:50
Location: Penn & Teller Theater
Track: Penn & Teller

In the early 90's, at the dawn of the World Wide Web, some engineers at Netscape developed a protocol for making secure HTTP requests, and what they came up with was called SSL. Given the relatively scarce body of knowledge concerning secure protocols at the time, as well the intense pressure that everyone at Netscape was working under, their efforts can only be seen as incredibly heroic. But while it's amazing that SSL has endured for as long as it has, some parts of it -- particularly those concerning Certificate Authorities -- have always caused some friction, and have recently started to cause real problems. This talk will examine authenticity within SSL, shed new light on the current problems, and cover some new strategies for how to move forward.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats