{SSL/TLS} Certificates: Threat or Menace?

Eric Rescorla; Adam Langley; Brian Smith; Stephen Schultze; Steve Kent

SSL/TLS Certificates: Threat or Menace?

Moderator: Eric Rescorla, RTFM, Inc.
Panelists: Adam Langley, Google; Brian Smith, Mozilla; Stephen Schultze, Princeton University; Steve Kent, BBN Technologies

Abstract:

The security of SSL/TLS as used in practice depends on the security of the certificate hierarchy used to authenticate the servers. However, recent events have called the adequacy of that system into question: typical browsers trust a large number of root certificate authorities (trust anchors), and compromise of any of those anchors leads to the ability to impersonate more or less any server, as was demonstrated by the recent Comodo incident. Our panelists will talk about the state of the SSL/TLS authentication system, its future, and the various proposals for improvement and/or replacement.

Eric Rescorla, RTFM, Inc.

Adam Langley, Google

Brian Smith, Mozilla

Stephen Schultze, Princeton University

Steve Kent, BBN Technologies

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX

@inproceedings {266511,
author = {Eric Rescorla and Adam Langley and Brian Smith and Stephen Schultze and Steve Kent},
title = {{SSL/TLS} Certificates: Threat or Menace?},
booktitle = {20th USENIX Security Symposium (USENIX Security 11)},
year = {2011},
address = {San Francisco, CA},
url = {https://www.usenix.org/conference/usenix-security-11/ssltls-certificates-threat-or-menace},
publisher = {USENIX Association},
month = aug
}

Download