Description: Blackhat 2012 EUROPE - The IETF & The Future of Security Protocols: All The Signal, None of the Noise
The IETF meets in person three times a year and publishes dozens of standards, most of which take years to be implemented, if they ever are. The drafts are rarely talked about at conferences or on Twitter, or heard about in the development or security industry, until long after they're finalized. But the Working Groups are surprisingly accessible, and the things being discussed now will provide long-term fixes for the attacks we've been hacking around today.
We'll talk about the things going on in the Web Security, Public Key Infrastructure, TLS, and DNS Working Groups and improvements being made to browsers, HTTP, and JavaScript, and draw conclusions about what will and won't work. Early successes include the experimental technology that first detected the DigiNotar Certificate Authority breach and TLS improvements that provide replacements for the parts that make cryptographers uneasy. And we'll talk about the things we're not as optimistic about, like Content Security Policy and why it hopes to end Cross-Site Scripting but won't. We'll also do a short survey of the superficial and radical proposals to augment, replace, or bypass the Certificate Authority system.
Tags: securitytube, conference, hacking, hackers, information security, convention, computer security, blackhat12, blackhat-2012
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.