On the Validation of Web X.509 Certificates by TLS interception products

Authors: Omar Alfandi, Abdelmalek Benzekri, Ahmad Samer Wazan, David W. Chadwick, Eddie Billoir, Rémi Venant, Romain Laborde
Contributors: Service IntEgration and netwoRk Administration (IRIT-SIERA), Institut de recherche en informatique de Toulouse (IRIT), Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées-Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse III - Paul Sabatier (UT3), Université Fédérale Toulouse Midi-Pyrénées-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées, University of Kent [Canterbury], Université Toulouse III - Paul Sabatier (UT3), Zayed University
Language: English
Year of publication: 2020
Subject:
Source: IEEE Transactions on Dependable and Secure Computing
IEEE Transactions on Dependable and Secure Computing, Institute of Electrical and Electronics Engineers, 2020, pp.1-1. ⟨10.1109/TDSC.2020.3000595⟩
ISSN: 1545-5971
DOI: 10.1109/TDSC.2020.3000595
Description: The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data. It is based on X.509 Certificates. Our previous research showed that popular Web Browsers exhibit non-standardized behaviour with respect to the certificate validation process [1]. This paper extends that work by examining their handling of OCSP Stapling. We also examine several popular HTTPS interception products, including proxies and anti-virus tools, regarding their certificate validation processes. We analyse and compare their behaviour to that described in the relative standards. Finally, we propose a system that allows the automation of certificate validation tests.
Database: OpenAIRE