Matthew Bernhard, John Sharman, C. Acemyan, P. Kortum, D. Wallach, J. A. Halderman
{"title":"关于HTTPS部署的可用性","authors":"Matthew Bernhard, John Sharman, C. Acemyan, P. Kortum, D. Wallach, J. A. Halderman","doi":"10.1145/3290605.3300540","DOIUrl":null,"url":null,"abstract":"HTTPS and TLS are the backbone of Internet security, however setting up web servers to run these protocols is a notoriously difficult process. In this paper, we perform two live subjects usability studies on the deployment of HTTPS in a real-world setting. Study 1 is a within subjects comparison between traditional HTTPS configuration (purchasing a certificate and installing it on a server) and Let's Encrypt, which automates much of the process. Study 2 is a between subjects study looking at the same two systems, examining why users encounter usability issues. Overall we confirm past results that HTTPS is difficult to deploy, and we find some evidence that suggests Let's Encrypt is an easier, more efficient method for deploying HTTPS.","PeriodicalId":20454,"journal":{"name":"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"On the Usability of HTTPS Deployment\",\"authors\":\"Matthew Bernhard, John Sharman, C. Acemyan, P. Kortum, D. Wallach, J. A. Halderman\",\"doi\":\"10.1145/3290605.3300540\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"HTTPS and TLS are the backbone of Internet security, however setting up web servers to run these protocols is a notoriously difficult process. In this paper, we perform two live subjects usability studies on the deployment of HTTPS in a real-world setting. Study 1 is a within subjects comparison between traditional HTTPS configuration (purchasing a certificate and installing it on a server) and Let's Encrypt, which automates much of the process. Study 2 is a between subjects study looking at the same two systems, examining why users encounter usability issues. Overall we confirm past results that HTTPS is difficult to deploy, and we find some evidence that suggests Let's Encrypt is an easier, more efficient method for deploying HTTPS.\",\"PeriodicalId\":20454,\"journal\":{\"name\":\"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-05-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3290605.3300540\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3290605.3300540","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
HTTPS and TLS are the backbone of Internet security, however setting up web servers to run these protocols is a notoriously difficult process. In this paper, we perform two live subjects usability studies on the deployment of HTTPS in a real-world setting. Study 1 is a within subjects comparison between traditional HTTPS configuration (purchasing a certificate and installing it on a server) and Let's Encrypt, which automates much of the process. Study 2 is a between subjects study looking at the same two systems, examining why users encounter usability issues. Overall we confirm past results that HTTPS is difficult to deploy, and we find some evidence that suggests Let's Encrypt is an easier, more efficient method for deploying HTTPS.