[TLS] SSL/TLS and HTTPS in a Post-Prism Era

Ralf Skyper Kaiser <skyper@thc.org> Tue, 15 October 2013 14:42 UTC

Date: Tue, 15 Oct 2013 15:42:24 +0100
Message-ID: <CA+BZK2oOk2yHyd3-mVV7gncEC9oyaP11i=XSzGqLe-dEW2Gtcg@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
To: tls@ietf.org
Subject: [TLS] SSL/TLS and HTTPS in a Post-Prism Era

Hi,

I created an incomplete summary of various reports about Certification
Authority breaches. I believe it is the most complete list to date
(additions welcome).

The summary also contains some (but not all) proposed security solutions
and enhancements for the 'CA Trust Problem' and some general security
enhancements for the deployment of SSL/TLS.

Comments and feedback are welcome.

https://thc.org/ssl

and a video parody to explain the problem to non-technical people:

http://youtu.be/F3BMA3IuvYs

Best Regards,

Ralf