Analyzing Proposals for Improving Authentication on the TLS/SSL-Protected Web

  • Conference paper
Security Standardisation Research (SSR 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8893)

Abstract

“Secure” web browsing with HTTPS uses TLS/SSL and X.509 certificates to provide authenticated, confidential communication between web clients and web servers. The authentication component of the system has a number of weaknesses, which have led to several proposals for improving the current environment. In this paper we survey, analyze, compare and contrast three prominent proposals. To do this, we attempt to systematically capture the properties one might require of such a system: authentication properties, forensics/privacy properties, usability properties, and pragmatic properties. Enumerating these properties is an important part of understanding these proposals and the nature of the authentication problem for the secure web. Finally, we offer a few conclusions and suggestions pertaining to these proposals, and possible future directions of research.


© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Brown, C.W., Jenkins, M. (2014). Analyzing Proposals for Improving Authentication on the TLS/SSL-Protected Web. In: Chen, L., Mitchell, C. (eds) Security Standardisation Research. SSR 2014. Lecture Notes in Computer Science, vol 8893. Springer, Cham. https://doi.org/10.1007/978-3-319-14054-4_3

  • DOI: https://doi.org/10.1007/978-3-319-14054-4_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-14053-7

  • Online ISBN: 978-3-319-14054-4
