History Of The Tls Authentication Gap Bug presented at TROOPERS 2010

by Marsh Ray (PhoneFactor), Steve Dispensa (PhoneFactor),

Summary : A serious security flaw was recently found in TLS, dating back to the mid-90's. How did this happen, why didn't anyone catch it, why is it so hard to fix, and what can we do to prevent it going forward? The speakers will also discuss the relative merits of various mitigations and the IETF's proposed solution.

Marsh Ray: Marsh Ray is a Software Development Engineer at PhoneFactor, Inc., a maker of two-factor authentication software, where he is responsible for security software development.

Steve Dispensa: Steve Dispensa is co-founder and Chief Technology Officer of PhoneFactor, an authentication software development firm. He is a regular speaker and writer on security issues, a five-time Microsoft MVP for kernel-mode software development, and is Cisco CCIE #5444.