Paper 2013/538
Practical Issues with TLS Client Certificate Authentication
Arnis Parsovs
Abstract
The most widely used secure Internet communication standard TLS (Transport Layer Security) has an optional client certificate authentication feature that in theory has significant security advantages over HTML form-based password authentication. In this paper we discuss practical security and usability issues related to TLS client certificate authentication stemming from the server side and browser implementations. In particular we analyze Apache mod_ssl implementation on server side and the most popular browsers - Mozilla Firefox, Google Chrome and Microsoft Internet Explorer on client side. We complement our paper with a case study performed in Estonia where TLS client certificate authentication is widely used. We present our recommendations for TLS implementations on the client and server side to improve the security and usability of TLS client certificate authentication.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Contact author(s)
- arnis @ ut ee
- History
- 2014-01-07: revised
- 2013-08-30: received
- See all versions
- Short URL
- https://ia.cr/2013/538
- License
-
CC BY