H2O

This is the old version of the H2O platform and is now read-only. This means you can view content but cannot create content. You can access the new platform at https://opencasebook.org. Thank you.

Many of the online authentication mechanisms that enable transactions rely on faith in the Secure Sockets Layer protocol and Certificate Authorities. Growing evidence suggests that this mechanism is highly vulnerable, and there has been much discussion surrounding alternatives. EDIT PLAYLIST INFORMATION DELETE PLAYLIST

Edit playlist item notes below to have a mix of public & private notes, or:

MAKE ALL NOTES PUBLIC (3/3 playlist item notes are public) MAKE ALL NOTES PRIVATE (0/3 playlist item notes are private)
  1. 1 Show/Hide More Introduction to SSL, Mozilla Developer Network, 2005
    The Secure Sockets Layer (SSL) protocol has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers. This article introduces key concepts and also touches upon potential threats such as Man-in-the-Middle Attacks.
  2. 2 Show/Hide More 1.2.4.b.ii Moxie Marlinspike on SSL and Authenticity
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Marlinspike has released several follow-up materials which are useful for an updated view of the ongoing debate.
    1. 2.1 Show/Hide More Moxie Marlinspike, BlackHat USA 2011: SSL and the Future of Authenticity, 2011
      A talk given as a follow-up to the blog post above, recommended viewing: 0:00-23:34.
    2. 2.2 Show/Hide More Moxie Marlinspike, New Tricks For Defeating SSL In Practice, BlackHat DC, 2009
      Slides demonstrating some uncovered weaknesses of SSL.
    3. 2.3 Show/Hide More Moxie Marlinspike, SSL and the Future of Authenticity, Thoughtcrime Blog, 2011
      This brief blog post defines the core issues with the Certificate Authorities mechanism SSL relies on, primarily via the missing quality of trust agility; it also critically examines suggested alternatives such as DNSSEC.
  3. 3 Show/Hide More Gregg Keizer, Hackers Stole Google SSL Certificate, Dutch Firm Admits, Computerworld, Aug 30, 2011
    This article demonstrates some of the potential issues with exploiting SSL weaknesses.
Close

Playlist Information

May 21, 2013

Author Stats

Jack Goldsmith and a Berkman Center Cybersecurity Team

Other Playlists by Jack Goldsmith and a Berkman Center Cybersecurity Team

Find Items

Search below to find items, then drag and drop items onto playlists you own. To add items to nested playlists, you must first expand those playlists.

SEARCH
Leitura Garamond Futura Verdana Proxima Nova Dagny Web
small medium large extra-large