JP
Upload

BlackHat USA 2011: SSL And The Future Of Authenticity

Christiaan008 Christiaan008·7,067 videos
16,803
59,291
Like     Dislike 4

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to like Christiaan008's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to dislike Christiaan008's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to add Christiaan008's video to your playlist.

Uploaded on Aug 18, 2011

Speaker: MOXIE MARLINSPIKE

In the early 90's, at the dawn of the World Wide Web, some engineers at Netscape developed a protocol for making secure HTTP requests, and what they came up with was called SSL. Given the relatively scarce body of knowledge concerning secure protocols at the time, as well the intense pressure that everyone at Netscape was working under, their efforts can only be seen as incredibly heroic. But while it's amazing that SSL has endured for as long as it has, some parts of it -- particularly those concerning Certificate Authorities -- have always caused some friction, and have more recently started to cause real problems.

This talk will provide an in-depth examination of the current problems with authenticity in SSL, discuss some of the recent high-profile SSL infrastructure attacks in detail, and cover some potential strategies for the future. It will conclude with a software release that aims to definitively fix the disintegrating trust relationships at the core of this fundamental protocol.

For more information or download the video visit: http://bit.ly/BlackHat_USA_2011_infor...

The interactive transcript could not be loaded.
Ratings have been disabled for this video.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.

Top Comments

  • jeroeniskoning

    jeroeniskoning 1 year ago

    Please people, listen to this genius !

    · 33

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate jeroeniskoning's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate jeroeniskoning's comment.
  • DanielMarschall

    DanielMarschall 1 year ago

    He didn't explain how the connections to the notaries are secured... this would have been very interesting and this is probably the weak point of Convergence. Are the notaries secured by a CA signature? How do I know which notaries I should trust? And how do I get their public keys in a secure way? Is the list of default notaries really secure?

    · 13

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate DanielMarschall's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate DanielMarschall's comment.

All Comments (69)

Sign in now to post a comment!
  • jessebickeldotcom

    jessebickeldotcom 5 days ago

    The notary certificate is included in the "bundle" that a user chooses. The bundle is the means of communicating trust of a notary to the user agent. Take a look at server/convergence-bundle.py in moxie0's github account.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate jessebickeldotcom's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate jessebickeldotcom's comment.
    in reply to DanielMarschall (Show the comment)
  • Cocodrilo92

    Cocodrilo92 3 months ago

    Most likely

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Cocodrilo92's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Cocodrilo92's comment.
    in reply to Hans-Henrik Stærfeldt (Show the comment)
  • Hans-Henrik Stærfeldt

    Hans-Henrik Stærfeldt 4 months ago

    Risking repeating a good point to sound clever. But this is a good point!

    Are traffic to the notaries subject to man-in-the-middle attacks?

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Hans-Henrik Stærfeldt's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Hans-Henrik Stærfeldt's comment.
    in reply to DanielMarschall (Show the comment)
  • greg ferreira

    greg ferreira 4 months ago

    thought i was smart til i listened to this, holy shit!!!

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate greg ferreira's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate greg ferreira's comment.
  • DarkVideo007

    DarkVideo007 4 months ago

    I love his intro!! xD

    so funny

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate DarkVideo007's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate DarkVideo007's comment.
  • Frederik Pedersen

    Frederik Pedersen 7 months ago

    Why this not for chrome ?

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Frederik Pedersen's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Frederik Pedersen's comment.
  • someman7

    someman7 7 months ago

    I wouldn't know, you could perhaps check the author's website or e-mail him.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate someman7's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate someman7's comment.
    in reply to Andrei Petcu (Show the comment)
  • Andrei Petcu

    Andrei Petcu 7 months ago

    No h t t p s on convergence!

    Is the project dead? No more commits in the last 8 months. The project is still in beta?

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Andrei Petcu's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Andrei Petcu's comment.
    in reply to someman7 (Show the comment)
  • someman7

    someman7 8 months ago

    .io? Are you kidding me? Dude.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate someman7's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate someman7's comment.
  • Loading comment...
Loading...
Loading...
Working...
Sign in to add this to Watch Later