Indeed TLS 1.0 is not bad. We know a few issues with the protocol but we don’t know how to exploit them. It is not that I don’t sleep at night because of the risks, but looking at the objective issues that researchers show, there is some real concern that users can be exploited.
Dr. Tibor Jager presenting at BIU, May 02 2016 vpnMentor: You won the “Best Contribution to IETF Award." Tell us about that. This award was given for significant contribution to TLS 1.3. There were many other contributions that are significant and I would consider stronger than ours. But what made our paper noticeable was that we showed not only the effects on TLS 1.3 but also on X.509 (an important standard for a public key infrastructure). The attack we described is not directly based on a weakness of TLS, but rather on a subtle combination with a deficiency of X.509. The intention of IETF by giving this to us, in my opinion, was to point out some things that can be fixed there as well. vpnMentor: Germany is known as a privacy advocates nation. What makes Germans such leaders in this subject in your opinion? It is hard for me to say. As a German, I find it obvious that I should have my privacy online as well. It surprises me that other nations don’t. vpnMentor: What do attackers try to achieve? Are they in it for the gain or for intellectual achievement? There are so many types of attackers. vpnMentor: Looking at the skill set required to be a hacker, do you think some of your fellow professors in the academy go back home at night and put on the “Guy Faux mask,” penetrating the Pentagon? I know my colleagues very well so I’m sure they are not doing this. At first glance, hacking looks very sophisticated and you may think that it requires a skill set that is very outstanding. But once you know how it works, you understand anybody can be a hacker just by watching a few videos on YouTube and reading a few articles. vpnMentor: What is your opinion on the matter of online privacy vs defending citizens from terrorists? If I had an answer to this, I would be in politics. It is important to have a good balance but the decision is not easy. vpnMentor: What tools/browsers are you using differently from your mom? I’m teaching my mom how to use a web browser in the right way and not give out information. Overall, I’m very careful about what sites I visit and what files I’m downloading.
