Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Security The Internet Technology

Father of SSL Talks Serious Security Turkey 74

coondoggie writes with an excerpt from a Network World article: "SSL/TLS, the protocol that protects security of e-commerce, has taken a beating lately, with news items ranging from the violation of certificate authorities to the discovery of an exploit that beats the protocol itself. But despite the exploit ... and the failures of certificate authorities such as Comodo and DigiNotar that are supposed to authenticate users, the protocol has a lot of life left in it if properly upgraded as it becomes necessary, says Taher Elgamal, CTO of Axway and one of the creators of SSL."
This discussion has been archived. No new comments can be posted.

Father of SSL Talks Serious Security Turkey

Comments Filter:
  • by Anonymous Coward
    I don't have anything to hide!
    • What will you do when not having anything to hide then becomes illegal?
    • Just post those bank account numbers, the routing codes, and a credit card number or 2. They're not worth hiding.
      • Actually, that's interesting. I don't have a CC*, and as far as I know there's nothing one can do with my IBAN; direct debits and such have to be authorized Ã-priori with the bank.

        Frankly, having only a single set of numbers that anyone can use to debit money from an account seems completely retarded to me. It's like giving your password instead of using OAuth, and bank accounts are still "somewhat" more important than Twitter's, one would think.

        * actually, I have many; they're just virtual, have a sma

    • I don't have anything to hide!

      I find it ironic that "Anonymous Coward" has nothing to hide

    • You and Todd Davis of LifeLock seem to share this unpopular opinion.
      • Didn't the social security administration tell him in no uncertain terms to stop posting his ssn publicly, due to the number of illegal aliens using it for job applications?

  • I am more worried about my ISP packet sniffing my traffic than a black hat.
    As long as the SSL is good enough to keep my ISP ignorant, it's good enough for me.

  • Are there no upgrades to TLS 1.0 available? I thought the issue was browsers and websites that hadn't upgraded.

    • In Windows land:

      IIS 7.5 (2008R2) and at least Windows 7 are required to support TLS 1.1 and 1.2.

      In Linux Land:

      Apache's mod_ssl does not support TLS 1.1 and 1.2, you need to use mod_gnutls, which is not default on many webservers.
  • Patches fix security flaw. News at 11
  • by colfer ( 619105 ) on Tuesday October 11, 2011 @03:54PM (#37682870)

    He hears rumors in Calif. of a new trust system to complement PKI. That's all he will say when the interviewer questions him repeatedly about a solution to the problem he goes on at length about: that browsers have PKI roots built in. I agree it's a terrible system, but asking the clueless user to select trusted roots would have its own problems, in, say, Iran. Or more precisely, clueless users in the US make it hard to deploy a system for careful users in Iran. The UI has to be both easy & difficult.

  • by Synerg1y ( 2169962 ) on Tuesday October 11, 2011 @03:55PM (#37682892)

    Why do none support TLS 1.1, firefox is releasing new versions of its browser on an insane schedule, IE is on version 9, chrome is moving along, yet no tls 1.1? Is there something I'm missing here?

    Of all the useless features they've implemented in the past year, why not secure the browser? I remember when firefox was proud of it's security.

    Then again good luck replacing ssl, what are viable alternatives? Pointless discussion if there aren't any...

    Also read carefully about BEAST, it's not a remote exploit, so you can't just click and choose the stream you want to sniff, it's a ways more complicated and requires a high level of trust on the compromised machine.

    • by AK Marc ( 707885 )
      I checked the Opera I'm using and it allows me to use TLS 1, TLS 1.1, and TLS 1.2, and I can even disable the older ones to make sure I didn't auto-failback to an insecure TLS. Just because Firefox/IE doesn't do it doesn't mean it's not already out there in a free browser.
      • The argument that most websites haven't been upgraded is insane. The website admins won't upgrade their servers until the browser community can support it.

        If Opera is already doing it, they've shown it can be done. Failure to do the same with Firefox, Chrome, et. al. is a sign of either laziness, incompetence, or extremely bad planning.

        Stop farting around with 3D support and take care of the security fundamentals first!

  • by praseodym ( 813457 ) on Tuesday October 11, 2011 @03:59PM (#37682938) Homepage
    The guy is pledging for automatic updates:

    We have to build a mechanism to automatically update things. We did not do that. The right way to design, if we were to update things an updating protocol that automatically updates itself so when the next version comes up it knows where to find the next version rather than having to wait for a Windows update or whatever.

    Actually, newer windows versions (Vista and later) use Microsoft's online Certificate Trusts Lists which allows exactly this. Microsoft revoked the DigiNotar certificate without issuing a real Windows update:

    On August 29, 2011, Microsoft removed the trust from one DigiNotar root certificate by updating the Microsoft CTL. Why is Microsoft releasing an update? Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Windows XP and Windows Server 2003 do not use the Microsoft Certificate Trust List to validate the trust of a certification authority. As a result, an update is needed for all editions of Windows XP and Windows Server 2003 to protect customers.


    • WOW! What else can this amazing operating system do? Who makes this? Micro What?
    • Actually, newer windows versions (Vista and later) use Microsoft's online Certificate Trusts Lists which allows exactly this. Microsoft revoked the DigiNotar certificate without issuing a real Windows update:

      Single point of failure.

    • by Anonymous Coward

      Actually, newer windows versions (Vista and later) use Microsoft's online Certificate Trusts Lists which allows exactly this

      No it doesn't. What Microsoft does is disable certficates.

      Taher Elgamal is talking about automatically patching/updateing the SSL protocol itself, not just some certificate disabling. Nice idea, but noway that is going to happen in any serious environment. Just like with any other update, anyone taking his systems seriously will want to test this before deploying. Especially because this is about a communication protocol. Just imagine your VPN tunnels failing because the product on one end of the tunnel was

  • I used to be in favor of patching things with DNSSEC, until I thought about it. I didn't really think about it until I saw moxie's blackhat talk. I happened to see it live, but not at blackhat. It's great. I think it's also a bulletproof argument against the CAs and DNSSEC. The protocol itself can be fixed (the security attack), but the current CA system pretty much can't be in a way that would satisfy me after seeing the talk. [] [] (t

    • by Lennie ( 16154 )

      While I really like the concept, I'm not sure how well this will work in practise scale.

      The thing I like least about it is that it caches known certs for as long as the cert is valid.

      How do people revoke certs of compromised keys in that model ?

      • There are problems with this approach, but they're no worse than the CA-SSL model. In fact, they're quite a bit more survivable. And anyway, the idea is young. It will get better.

        Regarding revocations. Do you really (honestly) subscribe to any revocation lists now? I've done this in the past, but I haven't done it for years and I care about this topic very much. The problem is the same with CA-SSL vs Convergence-SSL only with convergence you can sometimes detect the problem and with CA-SSL, you'll

        • by Lennie ( 16154 )

          No revocation lists are usually huge, like 200MB+ so pretty much useless.

          But you don't need a revocation list to revoke a certificate in any moden browser. It usually supports OCSP.

          I believe browsers don't cache OCSP-responses longer than the browsing session (for as long as the browser is open) ?

          So if you enable "When an OCSP server connection fails, treat the connection as invalid" you will be 'safe'.

          Next time you start the browser OCSP is checked, thus if the certificate is revoked you would get a proper

          • You're probably right. I have no idea how OSCP actually works, just nebulous ideas about how it probably functions. I don't think it changes much with respect to my (er, moxie's) arguments though. Who really has this turned on anyway? How does it solve the trust problems inherent with the CA-SSL model?

            Local caching is a personal decision and it's a setting even in the prototype. You can choose to cache, or not. You can choose your notaries, or use the defaults. You can also choose between simple

            • by Lennie ( 16154 )

              Forgot about that, you can turn off the cache. I don't currently use it, I was actually looking at the source on github. :-)

              Anyway, I keep wondering how it will scale in general, like how would the general public who knows nothing about these settings and how it works or how to use it.

              For example let's say you have many, many people using the same notary as a default in the browser, you could never ever turn it off.

              • by Lennie ( 16154 )

                Something else I'm thinking.

                If this gets introduced to the general public.

                The first thing that will happen immediately is that when you install your new Windows Anti-Virus software the vendor will implement their own and just add their notary to the list.

                Let me guess the OEM will add it's own notary as well ?

                This all seems like a bad idea.

                I don't know, maybe I'm just in a negative mood :-)

                • Right now there's only one notary... er, two ... But later, if this catches on at all, there'd be like 30 or a thousand... and your client would probably pick randomly the first time. And if one failed, you'd just skip that one and use another (depending on your settings of course). I can imagine a hundred ways around the scalability problems (in your browser anyway).

                  Actually, Moxie talks about what happens if some of your notaries are untrusted. Since the FBI or the credit card thief will never know

                  • (Didn't really finish my thought: So if the OEM adds its own notary, you don't really lose anything as long as there's a couple others on the list too.)

  • Talks Serious Security Turkey... I had to read that four times before it actually made sense. Talks securitious security... turkey security.. Sorry for the randomness, but I wouldn't have even clicked this article had it not been for the title being so weird.
  • Wasn't Canadian Thanksgiving yesterday?

  • Summarizing...

    BEAST, TLS 1.0 v. 1.1
    The BEAST attack is somewhat a concern for TLS 1.0, just how practical the attack is has yet to be seen. Requires malware on your the system, so he says, which means you've already lost the game. Moving to TLS 1.1 would protect against BEAST, but is problematic because of lack of support.

    CA System, upgrades

    Is there a better way than certificate authorities?

    The fact that browsers were designed with built-in root keys is unfortunate. That is the wrong thing, but it's ver

"The number of Unix installations has grown to 10, with more expected." -- The Unix Programmer's Manual, 2nd Edition, June, 1972