{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T22:59:19Z","timestamp":1773269959973,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":57,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819562022","type":"print"},{"value":"9789819562039","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-6203-9_21","type":"book-chapter","created":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T02:25:18Z","timestamp":1767320718000},"page":"390-409","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Exploring the\u00a0Root Store Usage in\u00a0TLS-Based Applications"],"prefix":"10.1007","author":[{"given":"Yuxiang","family":"Shen","sequence":"first","affiliation":[]},{"given":"Wei","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Shushang","family":"Wen","sequence":"additional","affiliation":[]},{"given":"Yu","family":"Fu","sequence":"additional","affiliation":[]},{"given":"Yunhao","family":"Jia","sequence":"additional","affiliation":[]},{"given":"Jingqiang","family":"Lin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,2]]},"reference":[{"key":"21_CR1","unstructured":"1567114 - MITM on all HTTPS traffic in Kazakhstan. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1567114"},{"key":"21_CR2","unstructured":"Additional trust changes. https:\/\/wiki.mozilla.org\/CA\/Additional_Trust_Changes"},{"key":"21_CR3","unstructured":"App security. https:\/\/source.android.com\/docs\/security\/overview\/app-security"},{"key":"21_CR4","unstructured":"Arch Linux - ca-certificates 20240618-1 (any). https:\/\/archlinux.org\/packages\/core\/any\/ca-certificates\/"},{"key":"21_CR5","unstructured":"Baseline Requirements. https:\/\/cabforum.org\/working-groups\/server\/baseline-requirements\/"},{"key":"21_CR6","unstructured":"ca-certificates - Debian Package Tracker. https:\/\/tracker.debian.org\/pkg\/ca-certificates"},{"key":"21_CR7","unstructured":"Ca-certificates - fedora packages. https:\/\/packages.fedoraproject.org\/pkgs\/ca-certificates\/ca-certificates\/"},{"key":"21_CR8","unstructured":"CA certificates with additional constraints. https:\/\/support.apple.com\/en-us\/103255"},{"key":"21_CR9","unstructured":"Changelog. https:\/\/urllib3.readthedocs.io\/en\/2.1.0\/changelog.html"},{"key":"21_CR10","unstructured":"Chapter 4. Planning and implementing TLS | Securing networks | Red Hat Enterprise Linux | 8 | Red Hat Documentation. https:\/\/docs.redhat.com\/en\/documentation\/red_hat_enterprise_linux\/8\/html\/securing_networks\/planning-and-implementing-tls_securing-networks"},{"key":"21_CR11","unstructured":"Client Challenge. https:\/\/pypi.org\/project\/pyOpenSSL"},{"key":"21_CR12","unstructured":"CodeQL. https:\/\/codeql.github.com\/"},{"key":"21_CR13","unstructured":"Common CA Database by the Linux Foundation. https:\/\/www.ccadb.org\/"},{"key":"21_CR14","unstructured":"Drop certifi, use system trust store by default $$\\cdot $$ Issue #302 $$\\cdot $$ encode\/httpx. https:\/\/github.com\/encode\/httpx\/issues\/302"},{"key":"21_CR15","unstructured":"gnutls.org. https:\/\/www.gnutls.org\/"},{"key":"21_CR16","unstructured":"Introduction to cryptographic libraries. https:\/\/documentation.ubuntu.com\/server\/explanation\/intro-to\/crypto-libraries\/"},{"key":"21_CR17","unstructured":"Mozilla\u2019s ca certificate program. https:\/\/wiki.mozilla.org\/CA"},{"key":"21_CR18","unstructured":"Network Security Services (NSS) \u2014 Firefox Source Docs documentation. https:\/\/firefox-source-docs.mozilla.org\/security\/nss\/index.html"},{"key":"21_CR19","unstructured":"OpenSSL. https:\/\/www.openssl.org\/"},{"key":"21_CR20","unstructured":"Overview - rpms\/ca-certificates - CentOS Git server. https:\/\/git.centos.org\/rpms\/ca-certificates"},{"key":"21_CR21","unstructured":"p11-kit. https:\/\/p11-glue.github.io\/p11-glue\/p11-kit.html"},{"key":"21_CR22","unstructured":"Root Certificate Program - Apple. https:\/\/www.apple.com\/certificateauthority\/ca_program.html"},{"key":"21_CR23","unstructured":"Secure Transport. https:\/\/docs.developer.apple.com\/documentation\/security\/secure-transport"},{"key":"21_CR24","unstructured":"ssl \u2014 TLS\/SSL wrapper for socket objects. https:\/\/docs.python.org\/3\/library\/ssl.html"},{"key":"21_CR25","unstructured":"Transport Layer Security - ArchWiki. https:\/\/wiki.archlinux.org\/title\/Transport_Layer_Security"},{"key":"21_CR26","unstructured":"truststore: Verify certificates using native system trust stores"},{"key":"21_CR27","unstructured":"Update Firefox to prevent add-ons issues from root certificate expiration | Mozilla Support. https:\/\/support.mozilla.org\/en-US\/kb\/root-certificate-expiration"},{"key":"21_CR28","unstructured":"urllib3: HTTP library with thread-safe connection pooling, file post, and more"},{"key":"21_CR29","unstructured":"Welcome to pyca\/cryptography \u2014 Cryptography 46.0.0.dev1 documentation. https:\/\/cryptography.io\/en\/latest\/"},{"key":"21_CR30","unstructured":"What You Need to Know About the DigiNotar Hack (2011). https:\/\/threatpost.com\/what-you-need-know-about-diginotar-hack-090211\/75611\/"},{"key":"21_CR31","unstructured":"Google, Mozilla Drop Trust in Chinese Certificate Authority CNNIC (2015). https:\/\/threatpost.com\/google-drops-trust-in-chinese-certificate-authority-cnnic\/111974\/"},{"key":"21_CR32","unstructured":"Lenovo Superfish Adware Vulnerable to HTTPS Spoofing | CISA (2016). https:\/\/www.cisa.gov\/news-events\/alerts\/2015\/02\/20\/lenovo-superfish-adware-vulnerable-https-spoofing"},{"key":"21_CR33","unstructured":"certifi\/python-certifi (2025). https:\/\/github.com\/certifi\/python-certifi, original-date: 2011-12-28T05:15:19Z"},{"key":"21_CR34","unstructured":"Git: Code: ca-certificates package: Ubuntu (2025). https:\/\/code.launchpad.net\/ubuntu\/+source\/ca-certificates\/+code"},{"key":"21_CR35","doi-asserted-by":"publisher","unstructured":"Bates, A., et al.: Securing SSL certificate verification through dynamic linking. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 394\u2013405. ACM (2014). https:\/\/doi.org\/10.1145\/2660267.2660338","DOI":"10.1145\/2660267.2660338"},{"key":"21_CR36","doi-asserted-by":"publisher","unstructured":"Braun, J., Rynkowski, G.: The potential of an individualized set of trusted cas: defending against CA failures in the web PKI. In: International Conference on Social Computing, pp. 600\u2013605. IEEE Computer Society (2013). https:\/\/doi.org\/10.1109\/SocialCom.2013.90","DOI":"10.1109\/SocialCom.2013.90"},{"key":"21_CR37","doi-asserted-by":"crossref","unstructured":"de\u00a0Carn\u00e9\u00a0de Carnavalet, X., Mannan, M.: Killed by proxy: analyzing client-end TLS interception software. In: 23rd Annual Network and Distributed System Security Symposium. The Internet Society (2016). http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2017\/09\/killed-proxy-analyzing-client-end-tls-interception-software.pdf","DOI":"10.14722\/ndss.2016.23374"},{"key":"21_CR38","doi-asserted-by":"publisher","unstructured":"Chen, C., Diao, W., Zeng, Y., Guo, S., Hu, C.: Drlgencert: deep learning-based automated testing of certificate verification in SSL\/TLS implementations. In: 2018 IEEE International Conference on Software Maintenance and Evolution, pp. 48\u201358. IEEE Computer Society (2018). https:\/\/doi.org\/10.1109\/ICSME.2018.00014","DOI":"10.1109\/ICSME.2018.00014"},{"key":"21_CR39","doi-asserted-by":"publisher","unstructured":"Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.T.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280, 1\u2013151 (2008). https:\/\/doi.org\/10.17487\/RFC5280","DOI":"10.17487\/RFC5280"},{"key":"21_CR40","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., et al.: The security impact of HTTPS interception. In: 24th Annual Network and Distributed System Security Symposium. The Internet Society (2017). https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/security-impact-https-interception\/","DOI":"10.14722\/ndss.2017.23456"},{"key":"21_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1007\/978-3-030-86890-1_22","volume-title":"Information and Communications Security","author":"Y Fu","year":"2021","unstructured":"Fu, Y., Wang, Q., Lin, J., Sun, A., Lu, L.: Exploring the security issues of trusted CA certificate management. In: Gao, D., Li, Q., Guan, X., Liao, X. (eds.) ICICS 2021. LNCS, vol. 12918, pp. 384\u2013401. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-86890-1_22"},{"key":"21_CR42","unstructured":"Heimes, C.: tiran\/certifi-system-store (2024). https:\/\/github.com\/tiran\/certifi-system-store, original-date: 2021-03-12T10:24:06Z"},{"key":"21_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/978-3-642-39884-1_28","volume-title":"Financial Cryptography and Data Security","author":"J Kasten","year":"2013","unstructured":"Kasten, J., Wustrow, E., Halderman, J.A.: CAge: taming certificate authorities by inferring restricted scopes. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 329\u2013337. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39884-1_28"},{"key":"21_CR44","doi-asserted-by":"publisher","unstructured":"Larisch, J., et al.: No root store left behind. In: Proceedings of the 22nd ACM Workshop on Hot Topics in Networks, pp. 295\u2013301. ACM (2023). https:\/\/doi.org\/10.1145\/3626111.3630268","DOI":"10.1145\/3626111.3630268"},{"key":"21_CR45","doi-asserted-by":"publisher","unstructured":"Ma, Z., Austgen, J., Mason, J., Durumeric, Z., Bailey, M.D.: Tracing your roots: exploring the TLS trust anchor ecosystem. In: IMC 2021: ACM Internet Measurement Conference, pp. 179\u2013194. ACM (2021). https:\/\/doi.org\/10.1145\/3487552.3487813","DOI":"10.1145\/3487552.3487813"},{"key":"21_CR46","unstructured":"Maehren, M., Nieting, P., Hebrok, S., Merget, R., Somorovsky, J., Schwenk, J.: TLS-anvil: adapting combinatorial testing for TLS libraries. In: 31st USENIX Security Symposium, pp. 215\u2013232. USENIX Association (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/maehren"},{"key":"21_CR47","unstructured":"MicrosoftGuyJFlo: The Microsoft Root Certificate Program. https:\/\/learn.microsoft.com\/en-us\/security\/trusted-root\/"},{"key":"21_CR48","unstructured":"O\u2019Neill, M., et al.: Trustbase: an architecture to repair and strengthen certificate-based authentication. In: 26th USENIX Security Symposium, pp. 609\u2013624. USENIX Association (2017). https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/oneill"},{"key":"21_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/978-3-662-45472-5_20","volume-title":"Financial Cryptography and Data Security","author":"H Perl","year":"2014","unstructured":"Perl, H., Fahl, S., Smith, M.: You won\u2019t be needing these any more: on removing unused certificates from trust stores. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 307\u2013315. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45472-5_20"},{"key":"21_CR50","unstructured":"Possemato, A., Fratantonio, Y.: Towards HTTPS everywhere on android: we are not there yet. In: 29th USENIX Security Symposium, pp. 343\u2013360. USENIX Association (2020). https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/possemato"},{"key":"21_CR51","unstructured":"Pourali, S., Yu, X., Zhao, L., Mannan, M., Youssef, A.M.: Racing for TLS certificate validation: a hijacker\u2019s guide to the android TLS galaxy. In: 33rd USENIX Security Symposium. USENIX Association (2024). https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/pourali"},{"key":"21_CR52","doi-asserted-by":"publisher","unstructured":"Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446, 1\u2013160 (2018). https:\/\/doi.org\/10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"21_CR53","doi-asserted-by":"publisher","unstructured":"Somorovsky, J.: Systematic fuzzing and testing of TLS libraries. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1492\u20131504. ACM (2016). https:\/\/doi.org\/10.1145\/2976749.2978411","DOI":"10.1145\/2976749.2978411"},{"key":"21_CR54","doi-asserted-by":"publisher","unstructured":"Vallina-Rodriguez, N., Amann, J., Kreibich, C., Weaver, N., Paxson, V.: A tangled mass: the android root certificate stores. In: Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, pp. 141\u2013148. ACM (2014). https:\/\/doi.org\/10.1145\/2674005.2675015","DOI":"10.1145\/2674005.2675015"},{"key":"21_CR55","doi-asserted-by":"crossref","unstructured":"VanderSloot, B., Amann, J., Bernhard, M., Durumeric, Z., Bailey, M.D., Halderman, J.A.: Towards a complete view of the certificate ecosystem. In: Proceedings of the 2016 ACM on Internet Measurement Conference, pp. 543\u2013549. ACM (2016). http:\/\/dl.acm.org\/citation.cfm?id=2987462","DOI":"10.1145\/2987443.2987462"},{"key":"21_CR56","doi-asserted-by":"publisher","unstructured":"Wang, Y., et al.: Identifying vulnerabilities of SSL\/TLS certificate verification in android apps with static and dynamic analysis. J. Syst. Softw. 167, 110609 (2020). https:\/\/doi.org\/10.1016\/j.jss.2020.110609","DOI":"10.1016\/j.jss.2020.110609"},{"key":"21_CR57","doi-asserted-by":"publisher","unstructured":"Zhang, Y., et al.: Rusted anchors: a national client-side view of hidden root CAS in the web PKI ecosystem. In: CCS 2021: 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 1373\u20131387. ACM (2021). https:\/\/doi.org\/10.1145\/3460120.3484768","DOI":"10.1145\/3460120.3484768"}],"container-title":["Lecture Notes in Computer Science","Information Security and Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-6203-9_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T07:36:45Z","timestamp":1773214605000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-6203-9_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9789819562022","9789819562039"],"references-count":57,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-6203-9_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"2 January 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Inscrypt","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security and Cryptology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Xi'an","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cisc22025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/inscrypt2025.xidian.edu.cn\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}