{"id":13377,"date":"2021-12-09T21:07:09","date_gmt":"2021-12-10T02:07:09","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13377"},"modified":"2026-06-02T14:59:23","modified_gmt":"2026-06-02T18:59:23","slug":"tr-13-01-ssl-and-https-revisiting-past-challenges-and-evaluating-certi%ef%ac%81cate-trust-model-enhancements","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2013\/tr-13-01-ssl-and-https-revisiting-past-challenges-and-evaluating-certi%ef%ac%81cate-trust-model-enhancements\/","title":{"rendered":"TR-13-01: SSL and HTTPS: Revisiting past challenges and evaluating certi\ufb01cate trust model enhancements"},"content":{"rendered":"\n
\n
\n\n
\n
\n
\n

\n TR-13-01: SSL and HTTPS: Revisiting past challenges and evaluating certi\ufb01cate trust model enhancements\n <\/h1>\n \n \n <\/header>\n\n <\/div>\n\n <\/div>\n\n <\/div>\n<\/section>\n\n

Carleton University
\nTechnical Report<\/a> TR-13-01
\nMarch 7, 2013<\/p>\n\n\n\n

SSL and HTTPS: Revisiting past challenges and evaluating certi\ufb01cate trust model enhancements<\/h2>\n\n\n\n
\n
\n
\n
\n
\n
\n
\n
\n
Jeremy Clark & Paul C. van Oorschot<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n

Abstract<\/h3>\n

Internet users today depend daily on HTTPS for secure communication with sites they intend to visit. Over the years, many attacks on HTTPS and the certi\ufb01cate trust model it uses have been hypothesized, executed, and\/or evolved. Meanwhile the number of browser-trusted (and thus, de facto, user-trusted) certi\ufb01cate authorities has proliferated, while the due diligence in baseline certi\ufb01cate issuance has declined. We survey and categorize prominent security issues with HTTPS and provide a systematic treatment of the history and on-going challenges, intending to provide context for future directions. We also provide a comparative evaluation of current proposals for enhancing the certi\ufb01cate infrastructure used in practice.<\/p>\n

TR-13-01.pdf<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Carleton University Technical Report TR-13-01 March 7, 2013 SSL and HTTPS: Revisiting past challenges and evaluating certi\ufb01cate trust model enhancements Jeremy Clark & Paul C. van Oorschot Abstract Internet users today depend daily on HTTPS for secure communication with sites they intend to visit. Over the years, many attacks on HTTPS and the certi\ufb01cate trust […]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":12514,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_cu_dining_location_slug":"","footnotes":"","_links_to":"","_links_to_target":""},"cu_page_type":[],"class_list":["post-13377","page","type-page","status-publish","hentry"],"acf":{"cu_post_thumbnail":false},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13377","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13377"}],"version-history":[{"count":2,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13377\/revisions"}],"predecessor-version":[{"id":13382,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13377\/revisions\/13382"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12514"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13377"}],"wp:term":[{"taxonomy":"cu_page_type","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/cu_page_type?post=13377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}