Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu
Thursday, August 22 • 11:00am - 11:45am
Qualitative Comparison of SSL Validation Alternatives


Although SSL/TLS is in widespread use today, certificate validation currently suffers from the weakest link property created by the fact that any trusted CA can sign a certificate for any domain. Thus, if a single CA is compromised or coerced, any and all hosts using CA-signed certificates can be endangered. Several recent high-profile hacking cases have brought attention to this problem and a number of promising new approaches to strengthen SSL security are being discussed. In this paper we propose an evaluation framework based on a catalog of desirable benefits of SSL validation systems. We evaluate the current CA-based PKI and the following alternative approaches: Perspectives, Convergence, Certificate Transparency, Sovereign Keys, TACK and DANE. We identify the different strengths and weaknesses of the systems, try to shed light on the trade-offs all systems have to make and show which disadvantages they incur that currently hinder adoption.


Sascha Fahl

Sascha Fahl is a PhD student and research assistant at the Distributed Computing & Security Group at Leibniz University Hannover, Germany. He studied Computer Science at Philipps University Marburg where he received his Diplom in 2011. His current research is focused on usability...

Henning Perl

Henning Perl received his Master's degree in computer science in December 2011 from the Leibniz University Hanover, Germany and joined the university's Distributed Computing & Security Group in January 2012 as a doctorate student. While he was still a graduate student he developed...

Matthew Smith

Prof. Smith is a Professor of Computer Science at Leibniz University Hannover, Germany where he leads the Distributed Computing & Security Group. He studied Computer Science at the University of Siegen and received a PhD from Philipps University Marburg in 2008. His current research...

Thursday August 22, 2013 11:00am - 11:45am CEST