Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop
DOI: 10.1145/3411495.3421362
Short-Lived Forward-Secure Delegation for TLS

Abstract: On today's Internet, combining the end-to-end security of TLS with Content Delivery Networks (CDNs) while ensuring the authenticity of connections results in a challenging delegation problem. When CDN servers provide content, they have to authenticate themselves as the origin server to establish a valid end-to-end TLS connection with the client. In standard TLS, the latter requires access to the secret key of the server. To curb this problem, multiple workarounds exist to realize a delegation of the authentica…
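As an added illustration, not code from the paper or its authors, the following shows the shape of one existing delegation workaround the abstract alludes to: a short-lived delegated credential in the style of RFC 9345, where the origin signs a CDN-held public key together with an expiry and never hands over its own long-term key. The signature primitive is a constructed textbook-RSA stand-in (hash-then-sign, no padding) so that the example runs offline with the standard library only; the 7-day cap enforced as a client-side policy, the function names and the scenarios are all assumptions made here. The paper's own forward-secure construction is not reproduced.

```python
"""Short-lived delegated credential for TLS server authentication (added toy example)."""
import hashlib
import random
import time
from dataclasses import dataclass

# Constructed textbook RSA (hash-then-sign, no padding): a stand-in so the delegation
# logic runs offline. A real deployment uses the negotiated TLS SignatureScheme.

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin, adequate for an illustration only."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    rng = random.SystemRandom()
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def keygen(bits=512):
    """Return (secret_key, public_key) as ((d, n), (e, n)); n is always 511-512 bits."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (pow(e, -1, phi), p * q), (e, p * q)

def _digest(*parts):
    # Length-prefixed SHA-256 of the parts; 256-bit digest is always below the modulus.
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")

def sign(sk, *parts):
    d, n = sk
    return pow(_digest(*parts), d, n)

def verify(pk, sig, *parts):
    e, n = pk
    return 0 < sig < n and pow(sig, e, n) == _digest(*parts)

# Delegation: origin signs a short-lived delegate public key; the CDN edge signs the
# handshake with the delegate key only; the client checks both (assumed policy below).
MAX_VALIDITY = 7 * 24 * 3600  # seconds; RFC 9345 caps delegated credentials at 7 days

@dataclass(frozen=True)
class DelegatedCredential:
    delegate_pub: tuple  # (e, n) of the CDN's short-lived key
    not_after: int       # Unix time after which the credential is invalid
    origin_sig: int      # origin's signature over (delegate_pub, not_after)

def _dc_tbs(delegate_pub, not_after):
    e, n = delegate_pub
    return (b"delegated-credential", e.to_bytes(4, "big"), n.to_bytes(64, "big"),
            not_after.to_bytes(8, "big"))

def issue_credential(origin_sk, delegate_pub, now, lifetime):
    """Runs at the origin; the long-term secret key stays there."""
    not_after = now + lifetime
    return DelegatedCredential(delegate_pub, not_after,
                               sign(origin_sk, *_dc_tbs(delegate_pub, not_after)))

def cdn_certificate_verify(delegate_sk, transcript_hash):
    """Runs at the CDN edge: CertificateVerify-style signature with the delegate key."""
    return sign(delegate_sk, b"certificate-verify", transcript_hash)

def client_verify(origin_pub, dc, handshake_sig, transcript_hash, now):
    """Client-side acceptance check; returns 'ok' or the reason for rejection."""
    if now >= dc.not_after:
        return "credential expired"
    if dc.not_after - now > MAX_VALIDITY:
        return "validity exceeds policy cap"
    if not verify(origin_pub, dc.origin_sig, *_dc_tbs(dc.delegate_pub, dc.not_after)):
        return "credential not signed by origin"
    if not verify(dc.delegate_pub, handshake_sig, b"certificate-verify", transcript_hash):
        return "handshake signature invalid under delegated key"
    return "ok"

def run_scenarios(now=None):
    """Exercise the checks on constructed keys; returns {scenario: reason}."""
    now = int(time.time()) if now is None else now
    origin_sk, origin_pk = keygen()
    cdn_sk, cdn_pk = keygen()
    mallory_sk, _ = keygen()  # attacker who never obtains the origin's key
    transcript = hashlib.sha256(b"constructed handshake transcript").digest()
    dc = issue_credential(origin_sk, cdn_pk, now, 2 * 24 * 3600)
    sig = cdn_certificate_verify(cdn_sk, transcript)
    return {
        "valid": client_verify(origin_pk, dc, sig, transcript, now + 3600),
        "expired": client_verify(origin_pk, dc, sig, transcript, dc.not_after + 1),
        "too_long": client_verify(origin_pk, issue_credential(origin_sk, cdn_pk, now, 30 * 24 * 3600), sig, transcript, now),
        "forged_dc": client_verify(origin_pk, issue_credential(mallory_sk, cdn_pk, now, 3600), sig, transcript, now),
        "wrong_key": client_verify(origin_pk, dc, cdn_certificate_verify(mallory_sk, transcript), transcript, now),
    }

if __name__ == "__main__":
    for name, reason in run_scenarios().items():
        print(f"{name:10s} {reason}")
```

The point worth taking from the scenarios: a compromised edge key is only useful to an attacker until `not_after`, and the origin's key never leaves the origin, which is the property the abstract's "access to the secret key of the server" sentence is about. What this shape does not give is any protection within the validity window once the delegate key leaks, which is the gap the paper's forward-secure variant targets.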

Cited by 1 publication (3 citation statements).
References 59 publications (72 reference statements).
“…Yet, reasons to break up, or redefine the ends of, end-to-end connections have repeatedly been put forward, e.g., to improve performance for the user and/or the network operator. Such optimizations may take different shapes, illustrated by: (a) Content Distribution Networks effectively "cheat" on the origin server certificates to allow for faster content and service delivery to the users from closer-by locations: they do maintain the end-to-end transport but redefine the server-end [1]. (b) Operators of (sub)networks with path properties that are notably different from the "typical" Internet characteristics often apply flavors of connection splitting using Performance Enhancing Proxies (PEPs) to create independent control loops, typically for congestion or error control, in order to speed up connections at the transport layer [2].…”
Section: Introduction (mentioning)
confidence: 99%
“…There appears to be general consensus on protecting the end-to-end information exchange from observation and modification inside the network, rendering any sort of transparent middlebox a non-starter. This implies that introducing "in-network" functions like the above requires a conscious decision and consent by either or both endpoints of an end-to-end connection to selectively expose information to specific nodes.…”
Section: Introduction (mentioning)
confidence: 99%