Issue No. 01 - January/February (2010 vol. 14)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MIC.2010.21
Stephen Farrell , Trinity College Dublin
Recently, a previously unknown, and not particularly complex, man-in-the-middle attack appeared, affecting all versions of the Transport Layer Security (TLS) protocol. TLS and its predecessors have been in widespread use for more than a decade and have been subject to detailed scrutiny from the security community over that period. Because TLS was also developed in a very open environment (the IETF), as is usually recommended by security professionals, the question arises: Why didn't we spot this sooner? In this article, the author outlines the new attack and ponders this question.
man-in-the-middle, TLS, SSL, security protocol development, practical security
S. Farrell, "Why Didn't We Spot That?," in IEEE Internet Computing, vol. 14, no. , pp. 84-87, 2010.