The Community for Technology Leaders
Green Image
Issue No. 01 - January/February (2010 vol. 14)
ISSN: 1089-7801
pp: 84-87
Stephen Farrell , Trinity College Dublin
ABSTRACT
Recently, a previously unknown, and not particularly complex, man-in-the-middle attack appeared, affecting all versions of the Transport Layer Security (TLS) protocol. TLS and its predecessors have been in widespread use for more than a decade and have been subject to detailed scrutiny from the security community over that period. Because TLS was also developed in a very open environment (the IETF), as is usually recommended by security professionals, the question arises: Why didn't we spot this sooner? In this article, the author outlines the new attack and ponders this question.
INDEX TERMS
man-in-the-middle, TLS, SSL, security protocol development, practical security
CITATION
Stephen Farrell, "Why Didn't We Spot That?", IEEE Internet Computing, vol. 14, no. , pp. 84-87, January/February 2010, doi:10.1109/MIC.2010.21
105 ms
(Ver )