Friday, May 02, 2014

WDC 2.5 TLS?

-lesson from heartbleeding

Tls complex protocol
many implementation
dangerous close to monoculturr
opensource is not magical
incident handling is reallt important

more tls, why?
coz cookies canbe expose without tls or mix tls

more encription is the good things

http/2 is for speed but firefox and chrome  over tls
to encourage every site to use tls

transparent tls, there is no https or lock but still negotioting tls
- but still debatable

everyone can issue certificate and ur browser trusted

what happenig now

-http strict trnasport secuirty
http sts
only available for https

- public key pin
- certificate transparancy

more speed
- chacha20 poly1305
new cyper for DjB which faster

- Tls 1.3
encript the handshake
reduce handshake latency
improve crypto
start now end eoy


No comments: