Why showing one TLS certificate is not enough? – Towards a browser feedback for multiple TLS certificate verifications
dc.contributor.author | Pöhls, Henrich C. | |
dc.contributor.editor | Freiling, Felix C. | |
dc.date.accessioned | 2019-01-17T13:26:53Z | |
dc.date.available | 2019-01-17T13:26:53Z | |
dc.date.issued | 2010 | |
dc.description.abstract | Content reuse on the Web 2.0 is a common "phenomenon". However, it has now reached critical and sensitive areas, as for example online shopping's submission forms for credit card data. Browsers lack the ability to show anything else than the outer most's TLS certificate verification to the user. We show that there is a trend to embed security critical content from other site's into a website. We will use VISA's credit card submission form embedded in an <iframe> as example. We give detailed examples of existing tentatives to solve the problem. After analyzing them, we argue that a solution can only be at the web browser's core. Finally, we postulate five steps to be taken into consideration for to evaluate and structure future solutions. | en |
dc.identifier.isbn | 978-3-88579-264-2 | |
dc.identifier.pissn | 1617-5468 | |
dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/19788 | |
dc.language.iso | en | |
dc.publisher | Gesellschaft für Informatik e.V. | |
dc.relation.ispartof | Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit | |
dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-170 | |
dc.title | Why showing one TLS certificate is not enough? – Towards a browser feedback for multiple TLS certificate verifications | en |
dc.type | Text/Conference Paper | |
gi.citation.endPage | 276 | |
gi.citation.publisherPlace | Bonn | |
gi.citation.startPage | 265 | |
gi.conference.date | 5.-7. Oktober 2010 | |
gi.conference.location | Berlin | |
gi.conference.sessiontitle | Regular Research Papers |
Dateien
Originalbündel
1 - 1 von 1