Skip to Main content Skip to Navigation
Conference papers

Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services

Abstract : TLS is currently the most widely-used protocol on the Internet to facilitate secure communications, in particular secure web browsing. TLS relies on X.509 certificates as a major building block to establish a secure communication channel. Certificate Authorities (CAs) are trusted third parties that validate the TLS certificates and establish trust relationships between communication entities. To counter prevalent attack vectors - like compromised CAs issuing fraudulent certificates and active man-in-the-middle (MitM) attacks - TLS notary services were proposed as a solution to verify the legitimacy of certificates using alternative communication channels.In this paper, we are the first to present a long-term study on the operation of TLS notary services. We evaluated the services using active performance measurements over a timespan of one year and discuss the effectiveness of TLS notary services in practice. Based on our findings, we propose the usage of multiple notary services in conjunction with a semi-trusted centralized proxy approach, so as to protect arbitrarily-sized networks on the network level without the need to install any software on the client machines. Lastly, we identify multiple issues that prevent the widespread use of TLS notary services in practice and propose steps to overcome them.
Document type :
Conference papers
Complete list of metadata

Cited literature [29 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Monday, November 13, 2017 - 11:46:47 AM
Last modification on : Monday, November 13, 2017 - 11:48:22 AM
Long-term archiving on: : Wednesday, February 14, 2018 - 1:30:22 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Georg Merzdovnik, Klaus Falb, Martin Schmiedecker, Artemios Voyiatzis, Edgar Weippl. Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. pp.331-346, ⟨10.1007/978-3-319-41483-6_23⟩. ⟨hal-01633686⟩



Record views


Files downloads