### Does "www." Mean Better Transport Layer Security?

Eman Salem Alashwali, Pawel Szalachowski, and Andrew Martin

##### Abstract

Experience shows that most researchers and developers tend to treat plain-domains (those that are not prefixed with “www” sub-domains, e.g. “example.com”) as synonyms for their equivalent www-domains (those that are prefixed with “www” sub-domains, e.g. “www.example.com”). In this paper, we analyse datasets of nearly two million plain-domains against their equivalent www-domains to answer the following question: Do plain-domains and their equivalent www-domains differ in TLS security configurations and certificates? If so, to what extent? Our results provide evidence of an interesting phenomenon: plain-domains and their equivalent www-domains differ in TLS security configurations and certificates in a non-trivial number of cases. Furthermore, www-domains tend to have stronger security configurations than their equivalent plain-domains. Interestingly, this phenomenon is more prevalent in the most-visited domains than in randomly-chosen domains. Further analysis of the top domains dataset shows that 53.35% of the plain-domains that show one or more weakness indicators (e.g. expired certificate) that are not shown in their equivalent www-domains perform HTTPS redirection from HTTPS plain-domains to their equivalent HTTPS www-domains. Additionally, 24.71% of these redirections contains plain-text HTTP intermediate URLs. In these cases, users see the final www-domains with strong TLS configurations and certificates, but in fact, the HTTPS request has passed through plain-domains that have less secure TLS configurations and certificates. Clearly, such a set-up introduces a weak link in the security of the overall interaction.

Available format(s)
Category
Applications
Publication info
Published elsewhere. 14th International Conference on Availability, Reliability and Security (ARES 2019)
Keywords
networkinternetsecurityanalysisprotocolTLSSSLmeasurementapplied cryptography
Contact author(s)
eman alashwali @ gmail com
History
Short URL
https://ia.cr/2019/941

CC BY

BibTeX

@misc{cryptoeprint:2019/941,
author = {Eman Salem Alashwali and Pawel Szalachowski and Andrew Martin},
title = {Does "www." Mean Better Transport Layer Security?},
howpublished = {Cryptology ePrint Archive, Paper 2019/941},
year = {2019},
note = {\url{https://eprint.iacr.org/2019/941}},
url = {https://eprint.iacr.org/2019/941}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.