All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Will You Trust This TLS Certificate? Perceptions of People Working in IT

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F19%3A00111065" target="_blank" >RIV/00216224:14330/19:00111065 - isvavai.cz</a>

  • Result on the web

    <a href="http://dx.doi.org/10.1145/3359789.3359800" target="_blank" >http://dx.doi.org/10.1145/3359789.3359800</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1145/3359789.3359800" target="_blank" >10.1145/3359789.3359800</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Will You Trust This TLS Certificate? Perceptions of People Working in IT

  • Original language description

    Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to trust a connection or not. Little is known about perceptions of flawed certificates by IT professionals, even though their decisions impact high numbers of end users. Moreover, it is unclear how much does the content of error messages and documentation influence these perceptions. To shed light on these issues, we observed 75 attendees of an industrial IT conference investigating, different certificate validation errors. Furthermore, we focused on the influence of re-worded error messages and redesigned documentation. We find that people working in IT have very nuanced opinions regarding the tested certificate flaws with trust decisions being far from binary. The self-signed and the name constrained certificates seem to be over-trusted (the latter also being poorly understood). We show that even small changes in existing error messages and documentation can positively influence resource use, comprehension, and trust assessment. Our conclusions can be directly used in practice by adopting the re-worded error messages and documentation.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2019

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Proceedings of the 35rd Annual Computer Security Applications Conference

  • ISBN

    9781450376280

  • ISSN

  • e-ISSN

  • Number of pages

    14

  • Pages from-to

    718-731

  • Publisher name

    Association for Computing Machinery

  • Place of publication

    New York, NY, USA

  • Event location

    San Juan, Puerto Rico, USA

  • Event date

    Dec 9, 2019

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    000540643900055

Similar results(10)

Will You Trust This TLS Certificate? Perceptions of People Working in IT (Extended Version)Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation ErrorsLinguistic persuasive strategies in the process of advertising a school