Logo des Repositoriums
 
Konferenzbeitrag

Why showing one TLS certificate is not enough? – Towards a browser feedback for multiple TLS certificate verifications

Lade...
Vorschaubild

Volltext URI

Dokumententyp

Text/Conference Paper

Zusatzinformation

Datum

2010

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Verlag

Gesellschaft für Informatik e.V.

Zusammenfassung

Content reuse on the Web 2.0 is a common "phenomenon". However, it has now reached critical and sensitive areas, as for example online shopping's submission forms for credit card data. Browsers lack the ability to show anything else than the outer most's TLS certificate verification to the user. We show that there is a trend to embed security critical content from other site's into a website. We will use VISA's credit card submission form embedded in an <iframe> as example. We give detailed examples of existing tentatives to solve the problem. After analyzing them, we argue that a solution can only be at the web browser's core. Finally, we postulate five steps to be taken into consideration for to evaluate and structure future solutions.

Beschreibung

Pöhls, Henrich C. (2010): Why showing one TLS certificate is not enough? – Towards a browser feedback for multiple TLS certificate verifications. Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-264-2. pp. 265-276. Regular Research Papers. Berlin. 5.-7. Oktober 2010

Schlagwörter

Zitierform

DOI

Tags