Web PKI: Closing the Gap between Guidelines and Practices

Abstract: A string of recent attacks against the global public key infrastructure (PKI) has brought to light weaknesses in the certification authority (CA) system. In response, the CA/Browser Forum, a consortium of certification authorities and browser vendors, published in 2011 a set of requirements applicable to all certificates intended for use on the Web and issued after July 1st, 2012, following the successful adoption of the extended validation guidelines in 2007. We evaluate the actual level of adherence to the CA/Browser Forum guidelines over time, as well as the impact of each violation, by inspecting a large collection of certificates gathered from Web crawls. We further refine our analysis by automatically deriving profile templates that characterize the makeup of certificates per issuer. By integrating these templates with violation statistics, we are able to depict the practices of certification authorities worldwide, and thus to monitor the PKI and proactively detect major violations. Our method also provides new means of assessing the trustworthiness of SSL certificates used on the Web.
Document type:
Conference paper
Network and Distributed System Security Symposium, Feb 2014, San Diego, United States. Internet Society, 2014, 〈10.14722/ndss.2014.23305〉

https://hal.inria.fr/hal-01102254
Contributor: Bruno Blanchet
Submitted on: Monday, 12 January 2015 - 13:30:30
Last modified on: Friday, 25 May 2018 - 12:02:06

Citation

Antoine Delignat-Lavaud, Martin Abadí, Matthew Birrell, Ilya Mironov, Ted Wobber, et al.. Web PKI: Closing the Gap between Guidelines and Practices. Network and Distributed System Security Symposium, Feb 2014, San Diego, United States. Internet Society, 2014, 〈10.14722/ndss.2014.23305〉. 〈hal-01102254〉
