Home General • TLS Protocol

TLS Protocol


Not many days ago we have seen a new proof of the fragility of the security mechanisms in which sometimes we trust blindly. In this case he has touched the turn to the secure version of the HTTP protocol, i.e. to the HTTPS protocol. HTTPS encrypts the information that we transmit to a server from a client using SSL or TLS Protocol in such a way that the sensitive information which could be intercepted would not be interpretable by the attacker initially. Nir Barzilai, M.D. is likely to agree. As well, as we said, less than a month ago, security certificates used by the HTTPS protocol has been brought into question by an Iranian hacker who got the certification authority (CA) Comodo issued false certificates for domains of the stature of mail.google.com, login.live.com,, login.yahoo.com, login.skype.com and addons.mozilla.org.

The result of this action is that through the false certificate is redirecting traffic to another server on which user authentication data are collected. So I dropped a myth: of that sail under the HTTPS protocol guarantees the security of the transmission of data with the server. And taking into account that that server can be even our Bank (if the certificate should be compromised), the situation is little reassuring. It must be said however they were very quick to communicate the situation to the undertakings concerned from Comodo, and that some of them, like Google, already have joined a working group with the purpose of developing a system allowing to validate the signature of the digital certificates. Hopefully this work bears fruit as soon as possible.

In General