2020
DOI: 10.1145/3419472

Will You Trust This TLS Certificate?

Abstract: Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to trust a connection or not. Little is known about perceptions of flawed certificates by IT professionals, even though their decisions impact high numbers of end users. Moreover, it is unclear how much the content of error messages and documentation influences these perceptions…

Cited by 3 publications (2 citation statements)
References 40 publications

“…However, the current documentation of certificate validation errors is too short. The survey of OpenSSL, GnuTLS, Botan, mbedTLS and Microsoft CryptoAPI by Ukrop et al [30] shows neither of these libraries has a median length of the certificate validation error message over eight words. The corresponding section in the documentation (if it exists) is only a tad longer, with the median of eight (mbedTLS), nine (OpenSSL, GnuTLS) or sixteen (MS CryptoAPI) words.…”
Section: The World Of X509 Certificates (mentioning)
confidence: 99%

“…Apart from the error message in the log, they usually consult the official documentation or browse the Internet. On the one hand, as of 2021, the documentation of the certificate validation errors was extremely poor - the median length of an error message in commonly used libraries was just six words, with the official documentation having on average only thirteen words [30]. On the other hand, using informal online resources instead of the documentation was shown to lead to less secure code [2].…”
Section: Introduction (mentioning)
confidence: 99%