CISPA

A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right

conference contribution
posted on 2023-11-29, 18:11 authored by Christian Tiefenau, Emanuel von Zezschwitz, Maximilian Häring, Katharina Krombholz, Matthew Smith
The correct configuration of HTTPS is a complex set of tasks, which many administrators have struggled with in the past. Let's Encrypt and Electronic Frontier Foundation's Certbot aim to improve the TLS ecosystem by offering free trusted certificates (Let's Encrypt) and by providing user-friendly support to configure and harden TLS (Certbot). Although adoption rates have increased, to date, there has been only a little scientific evidence of the actual usability and security benefits of this semi-automated approach. Therefore, we conducted a randomized control trial to evaluate the usability of Let's Encrypt and Certbot in comparison to the traditional certificate authority approach. We performed a within-subjects lab study with 31 participants. The study sheds light on the security and usability enhancements that Let's Encrypt and Certbot provide. We highlight how usability improvements aimed at administrators can have a large impact on security and discuss takeaways for Certbot and other security-related tasks that experts struggle with.

Preferred Citation

Christian Tiefenau, Emanuel von Zezschwitz, Maximilian Häring, Katharina Krombholz and Matthew Smith. A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right. In: ACM Conference on Computer and Communications Security (CCS). 2019.

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

Legacy Posted Date

2019-10-14

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_2977,
  title = "A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right",
  author = "Tiefenau, Christian and von Zezschwitz, Emanuel and Häring, Maximilian and Krombholz, Katharina and Smith, Matthew",
  booktitle = "{ACM Conference on Computer and Communications Security (CCS)}",
  year = "2019",
}
