SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements
J Clark, PC Van Oorschot - 2013 IEEE Symposium on Security …, 2013 - ieeexplore.ieee.org
2013 IEEE Symposium on Security and Privacy, 2013•ieeexplore.ieee.org
Internet users today depend daily on HTTPS for secure communication with sites they intend
to visit. Over the years, many attacks on HTTPS and the certificate trust model it uses have
been hypothesized, executed, and/or evolved. Meanwhile the number of browser-trusted
(and thus, de facto, user-trusted) certificate authorities has proliferated, while the due
diligence in baseline certificate issuance has declined. We survey and categorize prominent
security issues with HTTPS and provide a systematic treatment of the history and on-going …
to visit. Over the years, many attacks on HTTPS and the certificate trust model it uses have
been hypothesized, executed, and/or evolved. Meanwhile the number of browser-trusted
(and thus, de facto, user-trusted) certificate authorities has proliferated, while the due
diligence in baseline certificate issuance has declined. We survey and categorize prominent
security issues with HTTPS and provide a systematic treatment of the history and on-going …
Internet users today depend daily on HTTPS for secure communication with sites they intend to visit. Over the years, many attacks on HTTPS and the certificate trust model it uses have been hypothesized, executed, and/or evolved. Meanwhile the number of browser-trusted (and thus, de facto, user-trusted) certificate authorities has proliferated, while the due diligence in baseline certificate issuance has declined. We survey and categorize prominent security issues with HTTPS and provide a systematic treatment of the history and on-going challenges, intending to provide context for future directions. We also provide a comparative evaluation of current proposals for enhancing the certificate infrastructure used in practice.
ieeexplore.ieee.org
以上显示的是最相近的搜索结果。 查看全部搜索结果