{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,27]],"date-time":"2025-11-27T10:36:11Z","timestamp":1764239771442},"publisher-location":"New York, NY","reference-count":41,"publisher":"Springer New York","isbn-type":[{"type":"print","value":"9781461419808"},{"type":"electronic","value":"9781461419815"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-1-4614-1981-5_5","type":"book-chapter","created":{"date-parts":[[2012,9,24]],"date-time":"2012-09-24T22:57:39Z","timestamp":1348527459000},"page":"79-117","source":"Crossref","is-referenced-by-count":29,"title":["The Inconvenient Truth About Web Certificates"],"prefix":"10.1007","author":[{"given":"Nevena","family":"Vratonjic","sequence":"first","affiliation":[]},{"given":"Julien","family":"Freudiger","sequence":"additional","affiliation":[]},{"given":"Vincent","family":"Bindschaedler","sequence":"additional","affiliation":[]},{"given":"Jean-Pierre","family":"Hubaux","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2012,7,27]]},"reference":[{"key":"5_CR1","unstructured":"VeriSign Inc. URL \n                http:\/\/www.verisign.com\/ssl\/buy-ssl-certificates\/secure-site-services\/index.html"},{"key":"5_CR2","unstructured":"The SSL Protocol, Version 3.0 (1996) URL \n                http:\/\/tools.ietf.org\/html\/draft-ietf-tls-ssl-version3-00"},{"key":"5_CR3","unstructured":"Internet X.509 Public Key Infrastructure Certificate and CRL Profile (1999) URL \n                http:\/\/www.ietf.org\/rfc\/rfc2459.txt"},{"key":"5_CR4","unstructured":"The TLS Protocol, Version 1.0 (1999) URL \n                http:\/\/tools.ietf.org\/html\/rfc2246"},{"key":"5_CR5","unstructured":"HTTP Over TLS (2000) URL \n                http:\/\/tools.ietf.org\/html\/rfc2818"},{"key":"5_CR6","unstructured":"Cardholders targetted by Phishing attack using visa-secure.com (2004) URL \n                http:\/\/news.netcraft.com\/archives\/2004\/10\/08\/cardholders_targetted_by_phishing_attack_using_visasecurecom.html"},{"key":"5_CR7","unstructured":"Transport Layer Security (TLS) Extensions (2006) URL \n                http:\/\/tools.ietf.org\/html\/rfc4366"},{"key":"5_CR8","unstructured":"Has Firefox 3 certificate handling become too scary? (2008) URL \n                http:\/\/www.betanews.com\/article\/Has-Firefox-3-certificate-handling-become-too-scary\/1219180509"},{"key":"5_CR9","unstructured":"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (2008) URL \n                http:\/\/tools.ietf.org\/html\/rfc5280"},{"key":"5_CR10","unstructured":"Tim Callan\u2019s SSL Blog, MD5 attack resolved (2008) URL \n                https:\/\/blogs.verisign.com\/ssl-blog\/2008\/12\/on_md5_vulnerabilities_and_mit.php"},{"key":"5_CR11","unstructured":"EV and SSL Certificate Trends For The Top 100 Retailers (2010) URL \n                http:\/\/www.lexiconn.com\/blog\/2010\/09\/ev-ssl-top-100-retailers\/"},{"key":"5_CR12","unstructured":"Guidelines For The Issuance And Management Of Extended Validation Certificates (2010) URL \n                http:\/\/www.cabforum.org\/Guidelines_v1_3.pdf"},{"key":"5_CR13","unstructured":"Alexa the Web Information Company (2011) URL \n                http:\/\/www.alexa.com\/"},{"key":"5_CR14","unstructured":"Home of the Mozilla Project (2011) URL \n                http:\/\/www.mozilla.org\/"},{"key":"5_CR15","unstructured":"Improving SSL certificate security (2011) URL \n                http:\/\/googleonlinesecurity.blogspot.com\/2011\/04\/improving-ssl-certificate-security.html"},{"key":"5_CR16","unstructured":"OpenSSL: Documents, verify(1) (2011) URL \n                http:\/\/www.openssl.org\/docs\/apps\/verify.html"},{"key":"5_CR17","unstructured":"OpenSSL: The Open Source toolkit for SSL\/TLS (2011) URL \n                http:\/\/www.openssl.org\/"},{"key":"5_CR18","unstructured":"SQLite Home Page (2011) URL \n                http:\/\/www.sqlite.org\/"},{"key":"5_CR19","unstructured":"SSL Certificate for Mozilla.com Issued Without Validation (2011) URL \n                http:\/\/www.sslshopper.com\/article-ssl-certificate-for-mozilla.com-issued-without-validation.html"},{"key":"5_CR20","unstructured":"The EFF SSL Observatory \u2014 Electronic Frontier Foundation (2011) URL \n                http:\/\/www.eff.org\/observatory"},{"key":"5_CR21","unstructured":"Trusted Certificates vs. Browser Recognized Certificates (2011) URL \n                http:\/\/www.instantssl.com\/ssl-certificate-support\/guides\/ssl-certificate-validation.html"},{"key":"5_CR22","unstructured":"What are the types of SSL Certificates? (2011) URL \n                http:\/\/www.globalsign.com\/ssl-information-center\/what-are-the-types-of-ssl-certificate.html"},{"key":"5_CR23","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1109\/MSP.2008.131","volume":"6","author":"D Ahmad","year":"2008","unstructured":"Ahmad D (2008) Two years of broken crypto: Debian\u2019s dress rehearsal for a global PKI compromise. IEEE Security and Privacy 6:70\u201373","journal-title":"IEEE Security and Privacy"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Anderson R, Moore T (2007) Information security economics\u2014and beyond. CRYPTO, pp 68\u201391","DOI":"10.1007\/978-3-540-74143-5_5"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Biddle R, Oorschot PCV, Sobey J, Whalen T, Patrick AS (2009) Browser interfaces and extended validation SSL certificates: an empirical study. In: CCSW\u201909: Proceedings of the 2009 ACM workshop on cloud computing security","DOI":"10.1145\/1655008.1655012"},{"key":"5_CR26","first-page":"581","volume-title":"Why phishing works","author":"R Dhamija","year":"2006","unstructured":"Dhamija R, Tygar JD, Hearst MA (2006) Why phishing works. In: Computer human interaction, pp 581\u2013590"},{"key":"5_CR27","first-page":"79","volume-title":"Decision strategies and susceptibility to phishing","author":"JS Downs","year":"2006","unstructured":"Downs JS, Holbrook MB, Cranor LF (2006) Decision strategies and susceptibility to phishing. In: Symposium on usable privacy and security, pp 79\u201390"},{"key":"5_CR28","volume-title":"The economic impact of regulatory information disclosure on information security investments, competition, and social welfare","author":"A Ghose","year":"2006","unstructured":"Ghose A, Rajan U (2006) The economic impact of regulatory information disclosure on information security investments, competition, and social welfare. In: WEIS"},{"key":"5_CR29","first-page":"43","volume-title":"Stopping spyware at the gate: a user study of privacy, notice and spyware","author":"N Good","year":"2005","unstructured":"Good N, Dhamija R, Grossklags J, Thaw D, Aronowitz S, Mulligan DK, Konstan JA (2005) Stopping spyware at the gate: a user study of privacy, notice and spyware. In: Symposium on usable privacy and security, pp 43\u201352"},{"key":"5_CR30","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1391949.1391950","volume":"8","author":"A Herzberg","year":"2008","unstructured":"Herzberg A, Jbara A (2008) Security and identification indicators for browsers against spoofing and phishing attacks. ACM Trans Internet Technol 8:16:1\u201316:36","journal-title":"ACM Trans Internet Technol"},{"key":"5_CR31","volume-title":"Forcehttps: protecting high-security web sites from network attacks","author":"C Jackson","year":"2008","unstructured":"Jackson C, Barth A (2008) Forcehttps: protecting high-security web sites from network attacks. In: WWW"},{"key":"5_CR32","doi-asserted-by":"publisher","DOI":"10.1002\/0470086106","volume-title":"Phishing and countermeasures: understanding the increasing problem of electronic identity theft","author":"M Jakobsson","year":"2006","unstructured":"Jakobsson M, Myers S (2006) Phishing and countermeasures: understanding the increasing problem of electronic identity theft. Wiley, New York"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Landwehr C (2004) Improving information flow in the information security market. Economics of Information Security, pp 155\u2013163","DOI":"10.1007\/1-4020-8090-5_12"},{"key":"5_CR34","unstructured":"Lenstra AK (2004) Key length"},{"key":"5_CR35","volume-title":"Measuring the perpetrators and funders of typosquatting","author":"T Moore","year":"2010","unstructured":"Moore T, Edelman B (2010) Measuring the perpetrators and funders of typosquatting. Lecture notes in computer science. Springer, Berlin\/Heidelberg"},{"key":"5_CR36","first-page":"51","volume-title":"The emperor\u2019s new security indicators","author":"SE Schechter","year":"2007","unstructured":"Schechter SE, Dhamija R, Ozment A, Fischer I (2007) The emperor\u2019s new security indicators. In: IEEE symposium on security and privacy, pp 51\u201365"},{"key":"5_CR37","volume-title":"Certified lies: detecting and defeating government interception attacks against SSL","author":"C Sogohian","year":"2010","unstructured":"Sogohian C, Stamm S (2010) Certified lies: detecting and defeating government interception attacks against SSL. In: HotPETs"},{"key":"5_CR38","first-page":"55","volume-title":"Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate","author":"M Stevens","year":"2009","unstructured":"Stevens M, Sotirov A, Appelbaum J, Lenstra A, Molnar D, Osvik DA, Weger B (2009) Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Cryptology conference on advances in cryptology, pp 55\u201369"},{"key":"5_CR39","first-page":"399","volume-title":"Crying wolf: an empirical study of SSL warning effectiveness","author":"J Sunshine","year":"2009","unstructured":"Sunshine J, Egelman S, Almuhimedi H, Atri N, Cranor LF (2009) Crying wolf: an empirical study of SSL warning effectiveness. In: USENIX security symposium, USENIX Association, pp 399\u2013416"},{"key":"5_CR40","volume-title":"Perspectives: improving SSH-style host authentication with multi-path probing","author":"D Wendlandt","year":"2008","unstructured":"Wendlandt D, Andersen DG, Perrig A (2008) Perspectives: improving SSH-style host authentication with multi-path probing. In: USENIX Annual Technical Conference (Usenix ATC)"},{"key":"5_CR41","unstructured":"Whalen T, Inkpen KM (2005) Gathering evidence: use of visual security cues in web browsers. In: Proceedings of graphics interface 2005, GI \u201905, Canadian Human-Computer Communications Society, School of Computer Science, University of Waterloo, Waterloo, Ontario, Canada, pp 137\u2013144"}],"container-title":["Economics of Information Security and Privacy III"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4614-1981-5_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,7]],"date-time":"2019-05-07T16:13:46Z","timestamp":1557245626000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-1-4614-1981-5_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,7,27]]},"ISBN":["9781461419808","9781461419815"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-1-4614-1981-5_5","relation":{},"subject":[],"published":{"date-parts":[[2012,7,27]]}}}