TLS Mashups
TLS Connection MashUp
This page loads its parts from many different HTTPS sources.
It demonstrates the Browser's inability to signal the user that different SSL certificate validation have been performed.
Please visit this page using HTTPS to see if there are any differences.
This page was compiled to demonstrate the points I have raised in the paper
"Why Showing one TLS Certificate is not enough? Towards a Browser Feedback for Multiple TLS Certificate Verifications"
(appeared in GI Sicherheit 2010 - Gesellschaft für Informatik, GI, 2010. pdf...bibtex ...
Of course if a TLS site includes http content inside https, then the browser can give a "mixed content" warning (depends on user's configuration).
- Opera 10.61 Build 8429 - Mac OS X 10.6.7
- Opera 11.10 Build 2092 - Windows 7
- Firefox 4.0 - Mac OSX 10.6.7
2. Element is an <script src="https://www.google.com/jsapi">
3. Element is an <img src="https://static.addons.mozilla.net/media/img/zamboni/app_icons/firefox.png?b=da50f35">
- Opera 10.61 Build 8429 Mac OS X 10.6.7
- Firefox 4.0 - Mac OSX 10.6.7
4. Element is an <img src="https://www.visa.de/assets/images/global/visalogo.gif">
- Opera 10.61 Build 8429 Mac OS X 10.6.7
- Opera 11.10 Build 2092 - Windows 7
- Firefox 4.0 - Mac OSX 10.6.7
Share this page
