
The need of European White Knights for the TLS/SSL Certificate System

  • Arno Fiedler
  • Christoph Thiel
Conference paper

Abstract

Certificate Transparency ([16]), an open framework promoted by Google Inc. for monitoring and auditing SSL / TLS certificates, has a massive impact on the trust model of the internet ecosystem. As of March 2015, the implementation of this framework is required by the Internet browser Chrome for all Extended Validation Certificates (EVC-SSL). In this paper, the concepts and the structure of Certificate Transparency are explained and the impact on the existing players in the SSL / TLS ecosystem is discussed.

Keywords

Open Framework; Server Administrator; Information Security Management; Audit Service; Malicious Intent
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


References

  1. [1] E. Rescorla: SSL and TLS. Designing and building secure systems. Addison-Wesley, New York NY et al. 2001.
  2. [2] OpenSSL Security Advisory of 7 April 2014, reviewed on 30.06.2014.
  3. [3] K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Pironti, and P. Strub: “Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS”, Unpublished draft, 2014.
  4. [4] L. A. Kaplan, O. Lendl: Zwischenbericht DigiNotar Certificate Authority Hack und Relevanz für Österreich, Cert.at. 2011.
  5. [5] “Report of incident on 15-MAR-2011”. Comodo group. Reviewed on 30.06.2014.
  6. [6] T. Duong, J. Rizzo: Here Come The Ninjas, 2011. (https://bug665814.bugzilla.mozilla.org/attachment.cgi?Id=540839, reviewed on 30.06.2014).
  7. [7] J. Ball, J. Borger, and G. Greenwald: “US and UK spy agencies defeat privacy and security on the internet”. The Guardian, September 5, 2013. (http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security, reviewed on 30.06.2014).
  8. [8] B. Beck: LibreSSL – An OpenSSL replacement. The first 30 days, and where we go from here. BSDCAN 2014. (http://www.openbsd.org/papers/bsdcan14-libressl/, reviewed on 30.06.2014).
  9. [9]
  10. [10] J. Schwenk: Sicherheit und Kryptographie im Internet. Von sicherer E-Mail bis zu IP-Verschlüsselung, published by Vieweg+Teubner Verlag / GWV Fachverlage GmbH, Wiesbaden, 2010.
  11. [11] C. Eckert: IT-Sicherheit. Konzepte – Verfahren – Protokolle. 6th revised edition. Oldenbourg, München et al. 2009.
  12. [12] A. Langley: Enhancing digital certificate security, http://googleonlinesecurity.blogspot.de/2013/01/enhancing-digital-certificate-security.html, reviewed on 30.06.2014.
  13. [13] RFC 6698 – The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
  14. [14] Pinning QUELLE
  15. [15] D. Barrett, R. Silverman, R. Byrnes: SSH, The Secure Shell: The Definitive Guide, O’Reilly & Associates, 2005.
  16. [16] RFC 6962 – Certificate Transparency, Experimental Request for Comments
  17. [17] RFC 6844 – DNS Certification Authority Authorization (CAA) Resource Record
  18. [18] CA/Browser Forum, https://cabforum.org/, reviewed on 30.06.2014.
  19. [19]
  20. [20]
  21. [21]

Copyright information

© Springer Fachmedien Wiesbaden 2014

Authors and Affiliations

  1. Nimbus Technologieberatung GmbH, Berlin, Germany
  2. University of Applied Sciences Bielefeld, Minden, Germany
