Cryptology ePrint Archive: Report 2013/538

Practical Issues with TLS Client Certificate Authentication

Arnis Parsovs

Abstract: The most widely used secure Internet communication standard TLS (Transport Layer Security) has an optional client certificate authentication feature that in theory has significant security advantages over HTML form-based password authentication. In this paper we discuss practical security and usability issues related to TLS client certificate authentication stemming from the server side and browser implementations. In particular we analyze Apache mod_ssl implementation on server side and the most popular browsers - Mozilla Firefox, Google Chrome and Microsoft Internet Explorer on client side. We complement our paper with a case study performed in Estonia where TLS client certificate authentication is widely used. We present our recommendations for TLS implementations on the client and server side to improve the security and usability of TLS client certificate authentication.

Category / Keywords: implementation /

Date: received 27 Aug 2013

Contact author: arnis at ut ee

Available format(s): PDF | BibTeX Citation

Version: 20130830:114223 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]