IETF To Change TLS Implementation In Applications

Posted by timothy on Saturday December 14, 2013 @08:31PM from the nice-orderly-scramble dept.

Trailrunner7 writes "The NSA surveillance scandal has created ripples all across the Internet, and the latest one is a new effort from the IETF to change the way that encryption is used in a variety of critical application protocols, including HTTP and SMTP. The new TLS application working group was formed to help developers and the people who deploy their applications incorporate the encryption protocol correctly. TLS is the successor to SSL and is used to encrypt information in a variety of applications, but is most often encountered by users in their Web browsers. Sites use it to secure their communications with users, and in the wake of the revelations about the ways that the NSA is eavesdropping on email and Web traffic its use has become much more important. The IETF is trying to help ensure that it's deployed properly, reducing the errors that could make surveillance and other attacks easier."

1 of 80 comments (clear)

Min score:

Reason:

Sort:

Ok by trifish · 2013-12-14 21:09 · Score: 4, Insightful

Just, please, this time, try to be more careful about who joins your working groups. And especially what their true intentions are.
Sometimes when someone tries to "simplify deployment" or "offers insight to prevent user confusion", etc., you may want to think twice. History repeats itself, you know.