University of Birmingham > Talks@bham > Computer Security Seminars > A Qualitative Comparison of SSL Validation Alternatives

A Qualitative Comparison of SSL Validation Alternatives

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Vincent Cheval.

Although SSL /TLS is in widespread use today, certificate validation currently suffers from the weakest link property created by the fact that any trusted CA can sign a certificate for any domain. Thus, if a single CA is compromised or coerced, any and all hosts using CA-signed certificates can be endangered. Several recent high profile hacking cases have brought attention to this problem and a number of promising new approaches to strengthen SSL security are being discussed. In this talk we propose an evaluation framework based on a catalog of desirable benefits of SSL validation systems. We evaluate the current CA-based PKI and the the following alternative approaches: Perspectives, Convergence, Certificate Transparency, Sovereign Keys, TACK and DANE . We identify the different strengths and weaknesses of the systems, try to shed light on the trade-offs all systems have to make and show which disadvantages they incur that currently hinder adoption.

The talk will be around 30-40 minutes, although the discussions might last longer and be more interesting than than the talk alone.

Looking forward to meeting you!

This talk is part of the Computer Security Seminars series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


Talks@bham, University of Birmingham. Contact Us | Help and Documentation | Privacy and Publicity.
talks@bham is based on from the University of Cambridge.