SoylentNews is people
SoylentNews
Submitted via IRC for TheMightyBuzzard
Since the early days of the SSL/TLS protocols, the security community has been struggling with various attacks that have made many press headlines.
[...] The Transport Layer Security (TLS) protocol as it stands today has evolved from the Secure Sockets Layer (SSL) protocol from Netscape Communications and the Private Communication Technology (PCT) protocol from Microsoft that were developed in the 1990s, mainly to secure credit card transactions over the Internet.
It soon became clear that a unified standard was required, and an IETF TLS WG was tasked. As a result, TLS 1.0 was specified in 1999, TLS 1.1 in 2006, TLS 1.2 in 2008, and TLS 1.3 will hopefully be released soon. Each protocol version tried to improve its predecessor and mitigated some specific attacks.
As is usually the case in security, there is a "cops and robbers" game going between the designers and developers of the TLS protocol and the people who try to break it (be it from the hacker community or from academia). Unfortunately, this game is open-ended, meaning that it will never end and has no winner.
Not precisely news but it's good to stop, reflect, and look forward now and then.
Source: https://www.helpnetsecurity.com/2017/07/03/tls-security/
(Score: 0) by Anonymous Coward on Tuesday July 04 2017, @09:28AM
By reducing the temporal window of vulnerability, you only place restrictions on the attackers budget, which will further give the advantage to rich and well-connected.
TLS/SSL etc. ecosystem is fit for purpose, but as i see it, the purpose is to make the user feel feelings.