Issue No.01 - January/February (2010 vol.14)
Stephen Farrell , Trinity College Dublin
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MIC.2010.21
Recently, a previously unknown, and not particularly complex, man-in-the-middle attack appeared, affecting all versions of the Transport Layer Security (TLS) protocol. TLS and its predecessors have been in widespread use for more than a decade and have been subject to detailed scrutiny from the security community over that period. Because TLS was also developed in a very open environment (the IETF), as is usually recommended by security professionals, the question arises: Why didn't we spot this sooner? In this article, the author outlines the new attack and ponders this question.
man-in-the-middle, TLS, SSL, security protocol development, practical security
Stephen Farrell, "Why Didn't We Spot That?", IEEE Internet Computing, vol.14, no. 1, pp. 84-87, January/February 2010, doi:10.1109/MIC.2010.21