SSL and the Future of Authenticity
By Moxie MarlinspikeIn the early 90’s, at the dawn of the World Wide Web, some engineers
at Netscape developed a protocol for making secure HTTP requests, and
what they came up with was called SSL. Given the relatively scarce body
of knowledge concerning secure protocols at the time, as well the intense pressure everyone at Netscape was working under,
their efforts can only be seen as incredibly heroic. It’s amazing that
SSL has endured for as long as it has, in contrast to a number of other
protocols from the same vintage. We’ve definitely learned a lot since
then, though, but the thing about protocols and APIs is that there’s
very little going back.