Father of SSL says despite attacks, the security linchpin has lots of life left

October 11, 2011
SSL/TLS, the protocol that protects e-commerce, has taken a beating lately, with news items ranging from the compromise of certificate authorities to the discovery of an exploit that beats the protocol itself.

With all the noise about SSL/TLS, it's easy to think that something is irreparably damaged and perhaps it's time to look for something else.

But despite the exploit -- Browser Exploit Against SSL/TLS (BEAST) -- and the failures of certificate authorities such as Comodo and DigiNotar that are supposed to authenticate users, the protocol has a lot of life left in it if properly upgraded as it becomes necessary, says Taher Elgamal, CTO of Axway and one of the creators of SSL.

The problem lies not in SSL/TLS itself but in the trust framework built around it and the problems that causes when it comes time to patch the protocol to fix vulnerabilities. Network World Senior Editor Tim Greene spoke recently about these issues with Elgamal. Here is an edited transcript of that conversation.

The flaw exploited by BEAST has been around since 2004. What's up with that?

