Father of SSL Talks Serious Security Turkey 74
coondoggie writes with an excerpt from a Network World article: "SSL/TLS, the protocol that protects security of e-commerce, has taken a beating lately, with news items ranging from the violation of certificate authorities to the discovery of an exploit that beats the protocol itself. But despite the exploit ... and the failures of certificate authorities such as Comodo and DigiNotar that are supposed to authenticate users, the protocol has a lot of life left in it if properly upgraded as it becomes necessary, says Taher Elgamal, CTO of Axway and one of the creators of SSL."
With all these different browser versions... (Score:3, Interesting)
Why do none support TLS 1.1, firefox is releasing new versions of its browser on an insane schedule, IE is on version 9, chrome is moving along, yet no tls 1.1? Is there something I'm missing here?
Of all the useless features they've implemented in the past year, why not secure the browser? I remember when firefox was proud of it's security.
Then again good luck replacing ssl, what are viable alternatives? Pointless discussion if there aren't any...
Also read carefully about BEAST, it's not a remote exploit, so you can't just click and choose the stream you want to sniff, it's a ways more complicated and requires a high level of trust on the compromised machine.