%T Keyjacking: The Surprising Insecurity of Client-side SSL
%A John Marchesini
%A Sean W. Smith
%A Meiyuan Zhao
%R Technical Report TR2004-489
%I Dartmouth College, Computer Science
%C Hanover, NH
%D February 13,
%U http://www.cs.dartmouth.edu/reports/TR2004-489.pdf
%X
 In theory, PKI can provide a flexible and strong way to authenticate
 users in distributed information systems.  In practice, much is being
 invested in realizing this vision via client-side SSL and various
 client keystores.  However, whether this works depends on whether what
 the machines do with the private keys matches what the humans think
 they do: whether a server operator can conclude from an SSL request
 authenticated with a user's private key that the user was aware of and
 approved that request.  Exploring this vision, we demonstrate via a
 series of experiments that this assumption does not hold with standard
 desktop tools, even if the browser user does all the right things.  A
 fundamental rethinking of the trust, usage, and storage model might
 result in more effective tools for achieving the PKI vision.
%Z
 This TR supercedes TR2003-443.  A preliminary version appeared in the
 proceedings of the 2nd Annual PKI Research Workshop in April of 2003.