Publication | Open Access
SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements
215
Citations
45
References
2013
Year
Unknown Venue
EngineeringUsable SecurityInformation SecurityTrust Management ArchitectureCertificate InfrastructurePublic Key InfrastructureInternet SecurityPast ChallengesData PrivacyTrustComputer ScienceData SecurityCryptographyTrustworthy ComputingTrusted SystemInternet Users TodayCertificate Trust ModelTrust PrivacySecurityTechnologyBlockchain
HTTPS is widely used for secure web communication, yet it has faced numerous attacks, a growing number of browser‑trusted certificate authorities, and declining baseline issuance diligence. This work surveys and categorizes key HTTPS security issues, offering a systematic historical overview and identifying ongoing challenges to guide future research. The authors conduct a comparative evaluation of existing certificate infrastructure enhancement proposals, drawing on their survey and categorization to assess practical viability.
Internet users today depend daily on HTTPS for secure communication with sites they intend to visit. Over the years, many attacks on HTTPS and the certificate trust model it uses have been hypothesized, executed, and/or evolved. Meanwhile the number of browser-trusted (and thus, de facto, user-trusted) certificate authorities has proliferated, while the due diligence in baseline certificate issuance has declined. We survey and categorize prominent security issues with HTTPS and provide a systematic treatment of the history and on-going challenges, intending to provide context for future directions. We also provide a comparative evaluation of current proposals for enhancing the certificate infrastructure used in practice.
| Year | Citations | |
|---|---|---|
Page 1
Page 1