Abstract
Certificate Transparency ([16]), an open framework promoted by Google Inc. for monitoring and auditing SSL / TLS certificates, has a massive impact on the trust model of the internet ecosystem. As of March 2015, the implementation of this framework is required by the Internet browser Chrome for all Extended Validation Certificates (EVC-SSL). In this paper, the concepts and the structure of Certificate Transparency are explained and the impact on the existing players in the SSL / TLS ecosystem are discussed.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
E. Rescorla: SSL and TLS. Designing and building secure systems. Addison-Wesley, New York NY u. a. 2001.
OpenSSL Security Advisory vom 7. April 2014, reviewed on 30.06.2014.
K. Bhargavan, A. Delignat-Lavaud, Fournet, C., Pironti, A., and P. Strub, “Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS”, Unpublished draft , 2014.
L. A. Kaplan, O. Lendl: Zwischenbericht DigiNotar Certificate Authority Hack und Relevanz für Österreich, Cert.at. 2011.
“Report of incident on 15-MAR-2011”. Comodo group. Reviewed on 30.06.2014
T. Duong, J. Rizzo: Here Come The Ninjas, 2011. (https://bug665814.bugzilla.mozilla.org/attachment.cgi?Id=540839, reviewed on 30.06.2014).
J. Ball, J.Borger, and G. Greenwald “US and UK spy agencies defeat privacy and security on the internet”. The Guardian, September 5, 2013. (http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security , reviewed on 30.06.2014)
B. Beck: LibreSSL – An OpenSSL replacement. The first 30 days,and where we go from here. BSDCAN 2014. (http://www.openbsd.org/papers/bsdcan14-libressl/ , reviews on 30.06.2014.
A. Langley: BoringSSL, https://www.imperialviolet.org/2014/06/20/boringssl.html und https://boringssl.googlesource.com/?format=HTML, reviewed on 30.06.2014.
J. Schwenk: Sicherheit und Kryptographie im Internet. Von sicherer E-Mail bis zu IP-Verschlüsselung, herausgegeben von Vieweg+Teubner Verlag / GWV Fachverlage GmbH, Wiesbaden, 2010.
C.Eckert: IT-Sicherheit. Konzepte – Verfahren – Protokolle. 6. überarbeitete Auflage. Oldenbourg, München u. a. 2009.
A. Langley Enhancing digital certificate security, http://googleonlinesecurity.blogspot.de/2013/01/enhancing-digital-certificate-security.html, reviewed on 30.06.2014.
RFC 6698 – The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
Pinning QUELLE
D. Barrett,R. Silverman,R. Byrnes: SSH, The Secure Shell: The Definitive Guide, O’Reilly & Associates, 2005.
RFC 6962 – Certificate Transparency, Experimental Request for Comments
RFC 6844 – DNS Certification Authority Authorization (CAA) Resource Record
CA/Browser Forum, https://cabforum.org/, reviewed on 30.06.2014
http://www.certificate-transparency.org/ , reviewed on 30.06.2014
Certificate Transparency Log Policy, https://sites.google.com/a/chromium.org/dev/Home/chromium-security/certificate-transparency/log-policy, reviewed on 30.06.2014
http://www.internetworldstats.com/stats.htm, reviewed on 30.06.2014
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer Fachmedien Wiesbaden
About this paper
Cite this paper
Fiedler, A., Thiel, C. (2014). The need of European White Knights for the TLS/SSL Certificate System. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2014 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-06708-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-658-06708-3_13
Published:
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-06707-6
Online ISBN: 978-3-658-06708-3
eBook Packages: Computer ScienceComputer Science (R0)