CISPA
Browse

File(s) not publicly available

Are HTTPS Configurations Still a Challenge?: Validating Theories of Administrators' Difficulties with TLS Configurations

conference contribution
posted on 2023-11-29, 18:21 authored by Alexandra Mai, Oliver Schedler, Edgar Weippl, Katharina KrombholzKatharina Krombholz
HTTPS has been the standard for securing online communications for over 20 years. Despite the availability of tools to make the configuration process easier (e.g., Let’s Encrypt, Certbot), SSL Pulse scans show that still more than 50% of the most popular websites are poorly configured, which emphasizes room for improvement. Although a few recent studies looked at the remaining challenges for administrators in configuring HTTPS from a qualitative perspective, there is little work that produced quantitative results. Therefore, we conducted a survey with 96 experienced administrators (as opposed to a student sample) to investigate to which extent configuration problems revealed in prior studies actually exist in the wild. Our results confirm that Let’s Encrypt and ACME clients, such as Certbot, simplify configuration and maintenance for administrators, thus increasing the security of HTTPS configurations. Moreover, we extend the current body of work by examining the trust administrators put into Let’s Encrypt and Certbot. We found that trust and usability issues are currently barriers to the widespread adoption of Certbot.

History

Preferred Citation

Alexandra Mai, Oliver Schedler, Edgar Weippl and Katharina Krombholz. Are HTTPS Configurations Still a Challenge?: Validating Theories of Administrators' Difficulties with TLS Configurations. In: International Conference on HCI for Cybersecurity, Privacy, and Trust (HCI-CPT). 2022.

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

International Conference on HCI for Cybersecurity, Privacy, and Trust (HCI-CPT)

Legacy Posted Date

2022-05-25

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3702, title = "Are HTTPS Configurations Still a Challenge?: Validating Theories of Administrators' Difficulties with TLS Configurations", author = "Mai, Alexandra and Schedler, Oliver and Weippl, Edgar and Krombholz, Katharina", booktitle="{International Conference on HCI for Cybersecurity, Privacy, and Trust (HCI-CPT)}", year="2022", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC