The IETF & The Future of Security Protocols: All The Signal, None of the Noise, presented at Black Hat Europe 2012

by Tom Ritter

Summary: "The IETF meets in person three times a year and publishes dozens of standards, most of which take years to be implemented if they ever are. The drafts are rarely talked about at conferences, on Twitter, or heard about in the development or security industry until long after they're finalized. But the Working Groups are surprisingly accessible, and the things being discussed now will provide long-term fixes for the attacks we've been hacking around today.
We'll talk about the things going on in the Web Security, Public Key Infrastructure, TLS, and DNS Working Groups and improvements being made to Browsers, HTTP, and JavaScript, and draw conclusions about what will and won't work. Early successes include the experimental technology that first detected the DigiNotar Certificate Authority breach and TLS improvements that provide replacements for the parts that make cryptographers uneasy. And we'll talk about the things we're not as optimistic about, like Content Security Policy and why it hopes to end Cross Site Scripting but won't. We'll also do a short survey of the superficial and radical proposals to augment, replace, or bypass the Certificate Authority system."