BlackHat USA 2011: SSL And The Future Of Authenticity
Loading...
Uploaded by ChRiStIaAn008 on Aug 18, 2011
Speaker: MOXIE MARLINSPIKE
In the early 90's, at the dawn of the World Wide Web, some engineers at Netscape developed a protocol for making secure HTTP requests, and what they came up with was called SSL. Given the relatively scarce body of knowledge concerning secure protocols at the time, as well the intense pressure that everyone at Netscape was working under, their efforts can only be seen as incredibly heroic. But while it's amazing that SSL has endured for as long as it has, some parts of it -- particularly those concerning Certificate Authorities -- have always caused some friction, and have more recently started to cause real problems.
This talk will provide an in-depth examination of the current problems with authenticity in SSL, discuss some of the recent high-profile SSL infrastructure attacks in detail, and cover some potential strategies for the future. It will conclude with a software release that aims to definitively fix the disintegrating trust relationships at the core of this fundamental protocol.
For more information or download the video visit: http://bit.ly/BlackHat_USA_2011_information
- 461 likes, 3 dislikes
-
Top Comments
All Comments (49)
-
The whole concept of "perspectives" is great! The problem is not that there's no ideas about securing the internet, but the businesses are the ones who make this difficult for their own advantage. User is initiating the trust with authorities that they trust, this means that they can change their mind making companies care about improving security.
-
@Clayne151 I would imagine, given the limited number of notaries at the moment, that convergence bootstraps with inbuilt certificates for those notaries.
-
@robzyboy Um, if you're saying "What is all the notaries see a bad certificate?", yes, that's bad. But that's not far from the site being compromised, or at least entirely 'masked' by an attacker. A notary that checked against the CA system would solve that case, and give you a smart hybrid, as in the last few slides. 'Easy'.
-
The addon is not signed by FF; its not available from the FF repo; the convergence.io site doesn't have a cert not even self signed; There is no md5 sum for the addon ... how do i download his FF addon securely??
1 month ago 2
-
Is there something that stops (for example) my access-provider to simply MITM all the connections to the notarys + the website?
It seems the authenticity of the notaries also need to be verified, but how?
-
this seems like it might be a good intermediate step before it becomes completely distributed. as for example Namecoin. this is basically a distributed DNS server with certificates included. in order to circumvent this system you have to have the majority of computing power. i think this is the future. if not Namecoin exactly then some variant of it. but before we are ready for this Convergence definitely seems like an improvement.
-
greatest intro ever. haven't even gotten to the actual talk.
-
pure revelation! EFF is also on the whole SSL alterantive! googleit
-
This should be required for anyone who has ever installed an SSL cert.
-
Great talk Moxie. Thanks for writing the Convergence system and taking the time to educate so many people.
- 14:58
DEFCON 18: How I Met Your Girlfriend 1/3by ChRiStIaAn008142,946 views
- 11:09
How SSL works tutorial - with HTTPS exampleby tubewar46,425 views
- 9:18
The Most IMPORTANT Video You'll Ever See (part 1 of 8)by wonderingmind424,027,873 views
- 5:17
How to be a Computer Hackerby protutorialsYT422,190 views
- 1:15:44
BlackHat EU 2011: Keynote-Schneierby tail0t7,198 views
- 3:15
RSA SecurID hack explainedby akemshall3,201 views
- 42:15
Defcon 19: DIY Non-Destructive-Entryby SchuylerTowne13,940 views
- 3:00
www.Facebook.com SQL Injection | @TurkAslanlariby turksistemguvenligi9,066 views
- 9:48
When will America Collapse? .....answers from Jim Rogers, Marc Faber, Gerald Celente and othersby PaulRevere2012380,930 views
- 2:28
Black Hat USA 2011:Digital Intelligence Gathering Using Maltegoby tail0t4,465 views
- 47:50
DEFCON 17: More Tricks For Defeating SSLby ChRiStIaAn0085,879 views
- 5:25
Security+ HTTPS and SSLby 777stevej77714,510 views
- 3:56
Tampering with Security Seals - Black Hat training by Datagramby DeviantOllam942 views
- 10:01
8/13 Lucus at Brave New Books 1/27/2010: The Destroyer Star & The Future of Mankindby FloydAnderson42,229 views
- 3:19
SSL Explainedby pyroblue32,080 views
- 42:50
Defcon 18 Changing threats to privacy Moxie Marlinspike Part by killab666611,809 views
- 47:33
DEFCON 16: Free Anonymous Internet Using Modified Cable Modemsby ChRiStIaAn0083,986 views
- 31:37
DEFCON 17: BitTorrent Hacksby ChRiStIaAn0081,799 views
- 1:13
Black Hat USA 2011 - PA System Pwned During Keynoteby RXLSsick697 views
- 4:04
Hacking industrial control systemsby SCMagazineUS491 views
Please people, listen to this genius !
jeroeniskoning 5 months ago 11
What if the MITM is on the same network as the website you're trying to verify?
robzyboy 4 months ago 5