[TLS] SSL/TLS and HTTPS in a Post-Prism Era
Ralf Skyper Kaiser <skyper@thc.org> Tue, 15 October 2013 14:42 UTC

Hi,

I created an incomplete summary of various reports about Certification Authority breaches. I believe it is the most complete list to date (additions welcome).

The summary also contains some (but not all) proposed security solutions and enhancements for the 'CA Trust Problem' and some general security enhancements for the deployment of SSL/TLS.

Comments and feedback are welcome.

https://thc.org/ssl

and a video parody to explain the problem to non-technical people:

http://youtu.be/F3BMA3IuvYs

Best Regards,

Ralf