Freelance journalist (Golem.de, Zeit Online, taz, LWN)
Find and fix security vulnerabilities and bugs in free software (Fuzzing Project, supported by Linux Foundation's Core Infrastructure Initiative)
Monthly Bulletproof TLS Newsletter
Can be put on to of formerly insecure protocols
Provides secrecy and authenticity
Example: HTTP + TLS = HTTPS
1994: SSL v2
1995: SSL v3
1999: TLS v1.0
2006: TLS v1.1
2008: TLS v1.2
Soon: TLS v1.3
SSL is just the old name of TLS
Followed by CRIME (2012), BREACH (2013), Lucky Thirteen (2013), RC4 attacks (2013), Triple Handshake (2014), POODLE (2014), Logjam (2015), SLOTH (2016), DROWN (2016)
BEAST (2011) - Bard (2004)
Lucky Thirteen (2013) - Vaudenay (2002)
RC4 attacks (2013) - Fluhrer, Mantin, Shamir (2001)
SLOTH (2016) - Dobbertin (1996), Wang et al (2004, 2005)
DROWN (2016) - Bleichenbacher (1998)
The first TLS bug that made international headlines.
Heartbleed was not a protocol bug, it was a faulty software implementation.
Software projects that are crucial to a functioning Internet had very little support from the Industry.
Core Infrastructure Initiative was formed.
Goto fail (Apple, 2014),BERserk (Mozilla NSS, 2014), MS14-066 (Microsoft Schannel, 2014) SChannel, FREAK (Microsoft / OpenSSL, 2015)
1990s: Export controls caused creation of weak "export" cipher modes with very short keys
This still causes trouble: FREAK (2015), Logjam (2015), DROWN (2016)
Push from some large players (Google, Mozilla).
New and powerful features require HTTPS (HTTP2, Brotli compression, access to camera, microphone or geolocation).
Redirect all HTTP requests to HTTPS.
Addition: HSTS (HTTP Strict Transport Security).
Not everyone agrees that we should move to HTTPS.
Counterarguments are largely either outdated or based on misunderstandings or myths.
TLS guarantees secrecy and authenticity.
You may not always want to keep your transmitted data secret, but you always want it to be correct.
"Our webpage is HTTP, but if you log in the data will be transmitted securely over HTTPS."
Login form HTTP, sends username/password via HTTPS.
This is *not* secure!
Attacker can manipulate form (SSL Stripping, Marlinspike 2009).
People often largely overestimate the computational costs of encryption.
In January this year (2010), Gmail switched to using HTTPS for everything by default. [...] In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers [...] will help to dispel that. (Adam Langley, Google)
New HTTP2 protocol and Brotli compression in practice only available with HTTPS.
"I don't want to spend 100 € for a certificate!"
Three certificate authorities offer free certificates (StartSSL, Wosign, Let's Encrypt).
Major providers (Cloudflare, Amazon Web Services) enable HTTPS for free.
"I run multiple webpages on one server/IP, I can't use HTTPS."
In the distand past every certificate required its own IP.
Server Name Indication (SNI, RFC 3546) extension allows multiple certificates per IP since 2006.
(Caveat: very old systems like Windows XP, Android 2)
External content needs to be HTTPS, too.
Biggest problem: Advertisement.
TLS came under a lot more scrunity in recent years.
We understand much better now what is required for secure connections.
TLS and HTTPS are becoming the new default - and that's a good thing.
TLS is not slow, expensive or unneccessary - use it!