Father of SSL says despite attacks, the security linchpin has lots of life left
Are there downsides to TLS 1.1
Not that is known today, but the issue with security is that as human beings we all want something that is secure forever. We want to feel safe about it and move onto the next thing, and unfortunately that is the wrong thing to do because security is always relative to something or another. Ten years from now computers will be a lot faster so today's safe things may not be safe, and we will be doing exactly the same thing again. It's not because it's bad or good and doesn't have anything to do with a particular setup or protocol or operating system. It's just the truth of the matter, since we have to always look out for these things. We have to monitor for what the weaknesses are. We have to update things. This continues to happen basically forever and ever. There's honestly no one-time solution to this issue. It has nothing to do with SSL in particular. SSL becomes the poster child for this because SSL is being used in all of e-commerce. Replacing SSL by itself as a protocol doesn't solve any problem.
How about those certificate authority breaches against Comodo and that wiped out DigiNotar
It's a combination of PKI and trust models and all that kind of stuff. If there is a business in the world that I can go to and get a digital certificate that says my name is Tim Greene then that business is broken, because I'm not Tim Greene, but I've got a certificate that says this is my name. This is a broken process in the sense that we allowed a business that is broken to get into a trusted circle. The reality is there will always be crooks, somebody will always want to make money in the wrong way. It will continue to happen until the end of time.
Is there a better way than certificate authorities