OATAO - Open Archive Toulouse Archive Ouverte Open Access Week

TLS Connection Validation by Web Browsers: Why do Web Browsers still not agree?

Wazan, Ahmad Samer and Laborde, Romain and Chadwick, David W. and Barrère, François and Benzekri, Abdelmalek TLS Connection Validation by Web Browsers: Why do Web Browsers still not agree? (2017) In: 41st IEEE Annual Computer Software and Applications Conference (COMPSAC 2017), 4 July 2017 - 8 July 2017 (Turin, Italy).

[img]
Preview
(Document in English)

PDF (Author's version) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
1MB

Official URL: http://doi.org/10.1109/COMPSAC.2017.240

Abstract

The TLS protocol is the primary technology used for securing web transactions. It is based on X.509 certificates that are used for binding the identity of web servers' owners to their public keys. Web browsers perform the validation of X.509 certificates on behalf of Web users. Our previous research in 2009 showed that the validation process of Web browsers is inconsistent and flawed. We showed how this situation might have a negative impact on Web users. From 2009 until now, many new X.509 related standards have been created or updated. In this paper, we performed an increased set of experiments over our 2009 study in order to highlight the improvements and/or regressions in Web browsers' behaviours.

Item Type:Conference or Workshop Item (Paper)
Additional Information:Thanks to IEEE editor. The definitive version is available at http://ieeexplore.ieee.org This papers appears in Proceedings of COMPSAC 2017. Electronic ISBN: 978-1-5386-0367-3 ISSN: 0730-3157 The original PDF of the article can be found at: https://ieeexplore.ieee.org/document/8029674/ Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
HAL Id:hal-01873806
Audience (conference):International conference proceedings
Uncontrolled Keywords:
Institution:French research institutions > Centre National de la Recherche Scientifique - CNRS (FRANCE)
Université de Toulouse > Institut National Polytechnique de Toulouse - INPT (FRANCE)
Other partners > University of Kent (UNITED KINGDOM)
Université de Toulouse > Université Toulouse III - Paul Sabatier - UPS (FRANCE)
Université de Toulouse > Université Toulouse - Jean Jaurès - UT2J (FRANCE)
Université de Toulouse > Université Toulouse 1 Capitole - UT1 (FRANCE)
Laboratory name:
Statistics:download
Deposited By: IRIT IRIT
Deposited On:14 Jun 2018 15:01

Repository Staff Only: item control page