Welcome to the resource topic for 2013/538
Title:
Practical Issues with TLS Client Certificate Authentication
Authors: Arnis Parsovs
Abstract:The most widely used secure Internet communication standard TLS (Transport Layer Security) has an optional client certificate authentication feature that in theory has significant security advantages over HTML form-based password authentication. In this paper we discuss practical security and usability issues related to TLS client certificate authentication stemming from the server-side and browser implementations. In particular, we analyze Apache’s mod_ssl implementation on the server side and the most popular browsers – Mozilla Firefox, Google Chrome and Microsoft Internet Explorer on the client side. We complement our paper with a measurement study performed in Estonia where TLS client certificate authentication is widely used. We present our recommendations to improve the security and usability of TLS client certificate authentication.
ePrint: https://eprint.iacr.org/2013/538
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .