A Qualitative Comparison of SSL Validation Alternatives

If you have a question about this talk, please contact Vincent Cheval.

Although SSL/TLS is in widespread use today, certificate validation currently suffers from the weakest-link property created by the fact that any trusted CA can sign a certificate for any domain. Thus, if a single CA is compromised or coerced, any and all hosts using CA-signed certificates can be endangered. Several recent high-profile hacking cases have brought attention to this problem, and a number of promising new approaches to strengthen SSL security are being discussed. In this talk we propose an evaluation framework based on a catalog of desirable benefits of SSL validation systems. We evaluate the current CA-based PKI and the following alternative approaches: Perspectives, Convergence, Certificate Transparency, Sovereign Keys, TACK and DANE. We identify the different strengths and weaknesses of the systems, try to shed light on the trade-offs all systems have to make, and show which disadvantages they incur that currently hinder adoption.

The talk will be around 30-40 minutes, although the discussions might last longer and be more interesting than the talk alone.

Looking forward to meeting you!

This talk is part of the Computer Security Seminars series.


Talks@bham, University of Birmingham.