{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T18:29:33Z","timestamp":1773080973479,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2009,11,13]],"date-time":"2009-11-13T00:00:00Z","timestamp":1258070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2009,11,13]]},"DOI":"10.1145\/1655008.1655012","type":"proceedings-article","created":{"date-parts":[[2009,11,17]],"date-time":"2009-11-17T13:30:15Z","timestamp":1258464615000},"page":"19-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":50,"title":["Browser interfaces and extended validation SSL certificates"],"prefix":"10.1145","author":[{"given":"Robert","family":"Biddle","sequence":"first","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]},{"given":"P. C.","family":"van Oorschot","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]},{"given":"Andrew S.","family":"Patrick","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]},{"given":"Jennifer","family":"Sobey","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]},{"given":"Tara","family":"Whalen","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]}],"member":"320","published-online":{"date-parts":[[2009,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"CA\/Browser Forum. http:\/\/www.cabforum.org\/ CA\/Browser Forum. http:\/\/www.cabforum.org\/"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1073001.1073009"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143131"},{"key":"e_1_3_2_1_5_1","author":"Hallam-Baker P.","year":"2008","unstructured":"P. Hallam-Baker . Does Anyone Fall for Phishing Scams Anymore? IT Security Journal.com, ( 2008 ). http:\/\/www.itsecurityjournal.com\/index.php\/Latest\/Does-Anyone-Fall-for-Phishing-Scams-Anymore.html P. Hallam-Baker. Does Anyone Fall for Phishing Scams Anymore? IT Security Journal.com, (2008). http:\/\/www.itsecurityjournal.com\/index.php\/Latest\/Does-Anyone-Fall-for-Phishing-Scams-Anymore.html","journal-title":"Journal.com, ("},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/1785594.1785633"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1240624.1240760"},{"key":"e_1_3_2_1_8_1","unstructured":"M. Marlinspike. Null Prefix Attacks Against SSL\/TLS Certificates. http:\/\/www.thoughtcrime.org\/papers\/null-prefix-attacks.pdf. 29 July (2009). M. Marlinspike. Null Prefix Attacks Against SSL\/TLS Certificates. http:\/\/www.thoughtcrime.org\/papers\/null-prefix-attacks.pdf. 29 July (2009)."},{"issue":"1","key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1080\/00031305.1978.10479236","volume":"32","author":"McGill R.","year":"1978","unstructured":"R. McGill , R.W. Tukey , and W.A. Larsen . Variations of box plots. The American Statistician , 32 ( 1 ): 12 -- 16 , Feb. ( 1978 ). R. McGill, R.W. Tukey, and W.A. Larsen. Variations of box plots. The American Statistician, 32(1):12--16, Feb. (1978).","journal-title":"Variations of box plots. The American Statistician"},{"key":"e_1_3_2_1_10_1","unstructured":"Microsoft Security Bulletin MS01-017 (Mar.22 2001; updated Mar.28 2001). Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard http:\/\/www.microsoft.com\/technet\/security\/bulletin\/ms01-017.mspx Microsoft Security Bulletin MS01-017 (Mar.22 2001; updated Mar.28 2001). Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard http:\/\/www.microsoft.com\/technet\/security\/bulletin\/ms01-017.mspx"},{"key":"e_1_3_2_1_11_1","volume-title":"25th Chaos Communication Congress","author":"Molnar D.","year":"2008","unstructured":"D. Molnar , M. Stevens , A. Lenstra , B. de Weger , A. Sotirov , J. Appelbaum , and D.A. Osvik . MD5 Considered Harmful Today: Creating a Rogue CA Certificate . 25th Chaos Communication Congress , Berlin, Germany , December 30 ( 2008 ). D. Molnar, M. Stevens, A. Lenstra, B. de Weger, A. Sotirov, J. Appelbaum, and D.A. Osvik. MD5 Considered Harmful Today: Creating a Rogue CA Certificate. 25th Chaos Communication Congress, Berlin, Germany, December 30 (2008)."},{"key":"e_1_3_2_1_12_1","volume-title":"March","author":"Applications Net","year":"2009","unstructured":"Net Applications . Global Market Share Statistics , March 2009 , http:\/\/marketshare.hitslink.com\/browser-market-share.aspx?qprid=2 (retrieved April 11, 2009) Net Applications. Global Market Share Statistics, March 2009, http:\/\/marketshare.hitslink.com\/browser-market-share.aspx?qprid=2 (retrieved April 11, 2009)"},{"key":"e_1_3_2_1_13_1","volume-title":"December 23","author":"Nigg E.","year":"2008","unstructured":"E. Nigg . Untrusted Certificates . Personal blog , December 23 , 2008 , https:\/\/blog.startcom.org\/?p=145 E. Nigg. Untrusted Certificates. Personal blog, December 23, 2008, https:\/\/blog.startcom.org\/?p=145"},{"key":"e_1_3_2_1_14_1","volume-title":"SSL and TLS: Designing and Building Secure Systems","author":"Rescorla E.","year":"2001","unstructured":"E. Rescorla . SSL and TLS: Designing and Building Secure Systems , Addison-Wesley ( 2001 ). E. Rescorla. SSL and TLS: Designing and Building Secure Systems, Addison-Wesley (2001)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.35"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1203228"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_27"},{"key":"e_1_3_2_1_20_1","volume-title":"Proc. of the 18th Usenix Security Symposium","author":"Sunshine J.","year":"2009","unstructured":"J. Sunshine , S. Egelman , H. Almuhimedi , N. Atri , and L.F. Cranor . Crying Wolf: An Empirical Study of SSL Warning Effectiveness . In Proc. of the 18th Usenix Security Symposium , August ( 2009 ). J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L.F. Cranor. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In Proc. of the 18th Usenix Security Symposium, August (2009)."},{"key":"e_1_3_2_1_21_1","first-page":"137","volume-title":"Gathering Evidence: Use of Visual Security Cues in Web Browsing. In Proc. of Graphics Interface 2005","author":"Whalen T.","year":"2005","unstructured":"T. Whalen and K. Inkpen . Gathering Evidence: Use of Visual Security Cues in Web Browsing. In Proc. of Graphics Interface 2005 , pp. 137 -- 145 , May ( 2005 ). T. Whalen and K. Inkpen. Gathering Evidence: Use of Visual Security Cues in Web Browsing. In Proc. of Graphics Interface 2005, pp. 137--145, May (2005)."},{"key":"e_1_3_2_1_22_1","volume-title":"Proc. of the 8th USENIX Security Symposium","author":"Whitten A.","year":"1999","unstructured":"A. Whitten and J.D. Tygar . Why Johnny Can't Encrypt: A Usability Case Study of PGP 5.0 . In Proc. of the 8th USENIX Security Symposium , August ( 1999 ). A. Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability Case Study of PGP 5.0. In Proc. of the 8th USENIX Security Symposium, August (1999)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065545.1065546"},{"key":"e_1_3_2_1_24_1","volume-title":"Black Hat Security Briefings","author":"Zusman M.","year":"2009","unstructured":"M. Zusman and A. Sotirov . Sub-Prime PKI: Attacking Extended Validation SSL . Black Hat Security Briefings , Las Vegas, USA , July ( 2009 ). M. Zusman and A. Sotirov. Sub-Prime PKI: Attacking Extended Validation SSL. Black Hat Security Briefings, Las Vegas, USA, July (2009)."}],"event":{"name":"CCS '09: 16th ACM Conference on Computer and Communications Security 2009","location":"Chicago Illinois USA","acronym":"CCS '09","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2009 ACM workshop on Cloud computing security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1655008.1655012","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1655008.1655012","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:45:31Z","timestamp":1750250731000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1655008.1655012"}},"subtitle":["an empirical study"],"short-title":[],"issued":{"date-parts":[[2009,11,13]]},"references-count":22,"alternative-id":["10.1145\/1655008.1655012","10.1145\/1655008"],"URL":"https:\/\/doi.org\/10.1145\/1655008.1655012","relation":{},"subject":[],"published":{"date-parts":[[2009,11,13]]},"assertion":[{"value":"2009-11-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}