A serious security flaw was recently found in TLS, dating back to the mid-90's. How did this happen, why didn't anyone catch it, why is it so hard to fix, and what can we do to prevent it going forward? The speakers will also discuss the relative merits of various mitigations and the IETF's proposed solution.