Watch U - La webTV de l'UDA ! https://webtv.u-clermont1.fr Toutes les dernières vidéos de l'Université d'Auvergne. Toutes les dernières vidéos de l'Université d'Auvergne. Wed, 20 Sep 2017 00:00:00 +0200 2017 <![CDATA[Séminaire confiance numérique (Ioana Boureanu Carlson, University of Surrey, Surrey Centre for Cyber Security (SCCS), UK)]]> https://webtv.u-clermont1.fr/media-MEDIA161201175819762

How (not) to use TLS between 3 parties

In this talk, we will explore the case of TLS between a client and a server, being mediated in particular way by a middle-man embodied by a CDN, i.e., a content delivery network.

We specifically discuss the case of the so-called “Keyless SSL”, where the server retains its private key and the mediating CDN uses the server as proxy during the TLS handshake. We disclose vulnerabilities on this design and discuss different repairs.

Throughout, we emphasise on what we believe to be the (old and reinforced, as well as the new) security requirements and model needed when lifting TLS from the classical 2-party setting to the 3-party one.

]]>
Thu, 01 Dec 2016 02:12:00 +0100