Why showing one TLS certificate is not enough? – Towards a browser feedback for multiple TLS certificate verifications

Abstract
Content reuse on the Web 2.0 is a common "phenomenon". However, it has now reached critical and sensitive areas, as for example online shopping's submission forms for credit card data. Browsers lack the ability to show anything else than the outer most's TLS certificate verification to the user. We show that there is a trend to embed security critical content from other site's into a website. We will use VISA's credit card submission form embedded in an <iframe> as example. We give detailed examples of existing tentatives to solve the problem. After analyzing them, we argue that a solution can only be at the web browser's core. Finally, we postulate five steps to be taken into consideration for to evaluate and structure future solutions.
  • Citation
  • BibTeX
Pöhls, H. C., (2010). Why showing one TLS certificate is not enough? – Towards a browser feedback for multiple TLS certificate verifications. In: Freiling, F. C. (Hrsg.), Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit. Bonn: Gesellschaft für Informatik e.V.. (S. 265-276).
@inproceedings{mci/Pöhls2010,
author = {Pöhls, Henrich C.},
title = {Why showing one TLS certificate is not enough? – Towards a browser feedback for multiple TLS certificate verifications},
booktitle = {Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit},
year = {2010},
editor = {Freiling, Felix C.} ,
pages = { 265-276 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
DateienGroesseFormatAnzeige
265.pdf145.2Kb PDF View/Open

Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback

More Info

ISBN: 978-3-88579-264-2
ISSN: 1617-5468
xmlui.MetaDataDisplay.field.date: 2010
Language: en (en)
Content Type: Text/Conference Paper
Collections

Show full item record