Which Web Browsers Process SSL Certificates in a Standardized Way?
Authors
Abstract
SSL is the primary technology used to secure web communications. Before setting up an SSL connection, web browsers have to validate the SSL certificate of the web server in order to ensure that users access the expected web site. We have tested the handling of the main fields in SSL certificates and found that web browsers do not process them in a homogeneous way. An SSL certificate can be accepted by some web browsers whereas a message reporting an error can be delivered to users by other web browsers for the same certificate. This diversity of behavior might cause users to believe that SSL certificates are unreliable or error prone, which might lead them to consider that SSL certificates are useless. In this paper, we highlight these different behaviors and we explain the reasons for them, which can be either a violation of the standards or ambiguity in the standards themselves. We give our opinion of which it is in our analysis.
Similar resources
The most recent SSL security attacks: origins, implementation, evaluation, and suggested countermeasures
Attacks have been targeting secure socket layer (SSL) from the time it was created especially because of its utmost importance in securing Web transactions. These attacks are either attacks exploiting vulnerabilities in the SSL protocol itself, or attacks exploiting vulnerabilities in the services that SSL uses, such as certificates and web browsers. While the attacks on SSL itself have been su...
Browser Interfaces and EV-SSL Certificates: Confusion, Inconsistencies and HCI Challenges
The introduction of Extended Validation (EV) SSL certificates has caused web browser manufacturers to take a new look at how they design their interfaces for conveying certificate information. In turn, we take a thorough look at the choices they have made. Our observation is that the changes being made significantly increase the confusion surrounding SSL certificates rather than increasing trus...
POSTER: Trust No One Else: Detecting MITM Attacks Against SSL/TLS Without Third-Parties
The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), have become the de facto means of providing strong cryptographic protection for network traffic. Their near universal integration with web browsers arguably makes them the most visible pieces of security infrastructure for average users. While vulnerabilities are occasionally found in specific implement...
Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures
Today the standard means for secure transactions in the World Wide Web (WWW) are the SSL/TLS protocols, which provide secure (i.e., private and authentic) channels between browsers and servers. As protocols SSL/TLS are considered secure. However, SSL/TLS’s protection ends at the “transport/session layer” and it is up to the application (here web browsers) to preserve the security offered by SSL...
A First Look at the CT Landscape: Certificate Transparency Logs in Practice
Many of today’s web-based services rely heavily on secure end-to-end connections. The “trust” that these services require builds upon TLS/SSL. Unfortunately, TLS/SSL is highly vulnerable to compromised Certificate Authorities (CAs) and the certificates they generate. Certificate Transparency (CT) provides a way to monitor and audit certificates and certificate chains, to help improve the overal...