[1] Vratonjic N., Freudiger, J., Bindschaedler, V., and Hubaux, J.-P., 2011. The Inconvenient Truth about Web Certificates. in Proceedings of the Tenth Workshop on Economics of Information Security (WEIS 2011). George Mason University, Fairfax, Virginia, USA, 79-117
Available: http://weis2011.econinfosec.org/papers/The%20Inconvenient%20Truth%20about%20Web%20Certificates.pdf
This paper is a study that analyzes data on how websites implement certificate-based authentication. It discovers that few websites actually implement certificate-based authentication properly, describes the causes of this issue, examines the results of this behavior, and recommends solutions to fix the problem.
The beginnings of the paper are a great introduction to certificates and what they do. The statistics they discover are worrying and I hope that people who work in this field will read this article and double-check their authentication processes.
[2] Gilbertson, Scott, 2011. HTTPS is more secure, so why isn’t the Web using it? Ars Technica
Available:
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/
This is an article about why all websites don't use https, even though it is more secure.
After reading "The Inconvenient Truth about Web Certificates" [1], I wondered "Why don't all websites use https because it is more secure?" The article answered my question. It was written for the Ars Technica online website, which is a publisher of content for IT people. However, this article is concise and relatively easy to understand.
Available: http://weis2011.econinfosec.org/papers/The%20Inconvenient%20Truth%20about%20Web%20Certificates.pdf
This paper is a study that analyzes data on how websites implement certificate-based authentication. It discovers that few websites actually implement certificate-based authentication properly, describes the causes of this issue, examines the results of this behavior, and recommends solutions to fix the problem.
The beginnings of the paper are a great introduction to certificates and what they do. The statistics they discover are worrying and I hope that people who work in this field will read this article and double-check their authentication processes.
[2] Gilbertson, Scott, 2011. HTTPS is more secure, so why isn’t the Web using it? Ars Technica
Available:
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/
This is an article about why all websites don't use https, even though it is more secure.
After reading "The Inconvenient Truth about Web Certificates" [1], I wondered "Why don't all websites use https because it is more secure?" The article answered my question. It was written for the Ars Technica online website, which is a publisher of content for IT people. However, this article is concise and relatively easy to understand.