Abstract

Wednesday 30 September 12:00 - 12:30, Small talks

Mark Kennedy (Symantec)
Righard Zwienenberg (ESET)
Prof. Igor Muttik (Intel Security)

More and more HTTP traffic is being encrypted (HTTPS). This increases security by preventing listening in on the conversation, but it also creates a problem for security products that need access to that information as well. To address this, many security companies implement a 'man-in-the-middle' protocol, where they broker the keys from both ends of the conversation, and thus are able to inspect the content.

For some websites now — and perhaps many more in the future — the client is checking to verify that the SSL certificate is routed to the server. However, these checks will fail because the certificate returned by the security product will not match the server's domain. We see some of these failures in the field today, and more will likely follow.

The IEEE Industry Connections Security Group is working on a secure solution to this growing problem. We will show where we are, and discuss how we will move forward towards an industry solution.