{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,27]],"date-time":"2025-11-27T10:37:43Z","timestamp":1764239863936,"version":"3.41.0"},"reference-count":25,"publisher":"Association for Computing Machinery (ACM)","issue":"10","license":[{"start":{"date-parts":[[2014,9,23]],"date-time":"2014-09-23T00:00:00Z","timestamp":1411430400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2014,9,23]]},"abstract":"<jats:p>Assessing legal and technical solutions to secure HTTPS.<\/jats:p>","DOI":"10.1145\/2660574","type":"journal-article","created":{"date-parts":[[2014,10,1]],"date-time":"2014-10-01T13:34:59Z","timestamp":1412170499000},"page":"47-55","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Security collapse in the HTTPS market"],"prefix":"10.1145","volume":"57","author":[{"given":"Axel","family":"Arnbak","sequence":"first","affiliation":[{"name":"University of Amsterdam"}]},{"given":"Hadi","family":"Asghari","sequence":"additional","affiliation":[{"name":"Delft University of Technology"}]},{"given":"Michel","family":"Van Eeten","sequence":"additional","affiliation":[{"name":"Delft University of Technology"}]},{"given":"Nico","family":"Van Eijk","sequence":"additional","affiliation":[{"name":"University of Amsterdam"}]}],"member":"320","published-online":{"date-parts":[[2014,9,23]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Security Engineering: A Guide to Building Dependable Distributed Systems","author":"Anderson R.J.","year":"2008","unstructured":"Anderson , R.J. Security Engineering: A Guide to Building Dependable Distributed Systems . Wiley , 2008 . Anderson, R.J. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2008."},{"volume-title":"Research Conference on Communication, Information and Internet Policy (TPRC)","author":"Arnbak A.","unstructured":"Arnbak , A. and van Eijk, N. Certificate Authority collapse: regulating systemic vulnerabilities in the HTTPS value chain . Research Conference on Communication, Information and Internet Policy (TPRC) , 2012; http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2031409. Arnbak, A. and van Eijk, N. Certificate Authority collapse: regulating systemic vulnerabilities in the HTTPS value chain. Research Conference on Communication, Information and Internet Policy (TPRC), 2012; http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2031409.","key":"e_1_2_1_2_1"},{"key":"e_1_2_1_3_1","volume-title":"Security economics in the HTTPS value chain","author":"Asghari H.","year":"2013","unstructured":"Asghari , H. , van Eeten , M.J. , Arnbak , A.M. and van Eijk , N.A. Security economics in the HTTPS value chain , 2013 ; http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2277806. Asghari, H., van Eeten, M.J., Arnbak, A.M. and van Eijk, N.A. Security economics in the HTTPS value chain, 2013; http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2277806."},{"doi-asserted-by":"publisher","key":"e_1_2_1_4_1","DOI":"10.2139\/ssrn.1443256"},{"key":"e_1_2_1_5_1","volume-title":"Fixing HTTPS: new models for distributing transport security policy","author":"Bonneau J.","year":"2014","unstructured":"Bonneau , J. Fixing HTTPS: new models for distributing transport security policy . Center for Information Technology Policy (CITP) Seminar , 2014 ; https:\/\/docs.google.com\/presentation\/d\/1dxWwKUOVjO1MnOJQkyxCS03VfFp_kmPeAmneJ9KLd-M\/edit?usp=sharing. Bonneau, J. Fixing HTTPS: new models for distributing transport security policy. Center for Information Technology Policy (CITP) Seminar, 2014; https:\/\/docs.google.com\/presentation\/d\/1dxWwKUOVjO1MnOJQkyxCS03VfFp_kmPeAmneJ9KLd-M\/edit?usp=sharing."},{"key":"e_1_2_1_6_1","volume-title":"Trustwave admits issuing man-in-the-middle digital certificate","author":"Constantin L.","year":"2012","unstructured":"Constantin , L. Trustwave admits issuing man-in-the-middle digital certificate ; Mozilla debates punishment. ComputerWorld (Feb . 8, 2012 ); http:\/\/www.computerworld.com\/s\/article\/9224082\/Trustwave_admits_issuing_man_in_the_middle_digital_certificate_Mozilla_debates_punishment. Constantin, L. Trustwave admits issuing man-in-the-middle digital certificate; Mozilla debates punishment. ComputerWorld (Feb. 8, 2012); http:\/\/www.computerworld.com\/s\/article\/9224082\/Trustwave_admits_issuing_man_in_the_middle_digital_certificate_Mozilla_debates_punishment."},{"doi-asserted-by":"publisher","key":"e_1_2_1_7_1","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_2_1_8_1","volume-title":"Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? Electronic Frontier Foundation","author":"Eckersley P.","year":"2011","unstructured":"Eckersley , P. Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? Electronic Frontier Foundation , 2011 ; https:\/\/www.eff.org\/deeplinks\/2011\/03\/iranianhackers-obtain-fraudulent-https. Eckersley, P. Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? Electronic Frontier Foundation, 2011; https:\/\/www.eff.org\/deeplinks\/2011\/03\/iranianhackers-obtain-fraudulent-https."},{"key":"e_1_2_1_9_1","series-title":"Dec. 2011","volume-title":"Operation Black Tulip: Certificate Authorities lose authority, version 2","author":"ENISA.","unstructured":"ENISA. Operation Black Tulip: Certificate Authorities lose authority, version 2 ( Dec. 2011 ); http:\/\/www.enisa.europa.eu\/media\/news-items\/operation-black-tulip. ENISA. Operation Black Tulip: Certificate Authorities lose authority, version 2 (Dec. 2011); http:\/\/www.enisa.europa.eu\/media\/news-items\/operation-black-tulip."},{"key":"e_1_2_1_10_1","volume-title":"Electronic identification and trust services for electronic transactions in the internal market. Amended proposal","author":"European Union","year":"2014","unstructured":"European Union . Electronic identification and trust services for electronic transactions in the internal market. Amended proposal , 2014 ; 2012\/0146(COD), A 7-0365\/201; http:\/\/www.europarl.europa.eu\/sides\/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0282#title3 European Union. Electronic identification and trust services for electronic transactions in the internal market. Amended proposal, 2014; 2012\/0146(COD), A7-0365\/201; http:\/\/www.europarl.europa.eu\/sides\/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0282#title3"},{"volume-title":"Workshop on Economics of Information Security (2011)","author":"Florencio D.","unstructured":"Florencio , D. and Herley , C . Where do all the attacks go? Workshop on Economics of Information Security (2011) ; http:\/\/research.microsoft.com\/pubs\/149885\/WhereDoAllTheAttacksGo.pdf. Florencio, D. and Herley, C. Where do all the attacks go? Workshop on Economics of Information Security (2011); http:\/\/research.microsoft.com\/pubs\/149885\/WhereDoAllTheAttacksGo.pdf.","key":"e_1_2_1_11_1"},{"key":"e_1_2_1_12_1","volume-title":"DigiNotar Certificate Authority breach (Sept. 5","author":"Fox IT.","year":"2011","unstructured":"Fox - IT. DigiNotar Certificate Authority breach (Sept. 5 , 2011 ); http:\/\/www.rijksoverheid.nl\/documenten-enpublicaties\/rapporten\/2011\/09\/05\/diginotar-publicreport-version-1.html. Fox-IT. DigiNotar Certificate Authority breach (Sept. 5, 2011); http:\/\/www.rijksoverheid.nl\/documenten-enpublicaties\/rapporten\/2011\/09\/05\/diginotar-publicreport-version-1.html."},{"key":"e_1_2_1_13_1","volume-title":"Black Tulip---Report of the investigation into the DigiNotar Certificate Authority breach","author":"Fox IT.","year":"2012","unstructured":"Fox - IT. Black Tulip---Report of the investigation into the DigiNotar Certificate Authority breach ; http:\/\/www.rijksoverheid.nl\/documenten-en-publicaties\/rapporten\/ 2012 \/08\/13\/black-tulip-update.html. Fox-IT. Black Tulip---Report of the investigation into the DigiNotar Certificate Authority breach; http:\/\/www.rijksoverheid.nl\/documenten-en-publicaties\/rapporten\/2012\/08\/13\/black-tulip-update.html."},{"key":"e_1_2_1_14_1","volume-title":"Comodo admits two more registration authorities hacked","author":"InfoSecurity","year":"2011","unstructured":"InfoSecurity . Comodo admits two more registration authorities hacked , 2011 ; http:\/\/www.infosecuritymagazine.com\/view\/16986\/comodo-admits-twomore-registration-authorities-hacked. InfoSecurity. Comodo admits two more registration authorities hacked, 2011; http:\/\/www.infosecuritymagazine.com\/view\/16986\/comodo-admits-twomore-registration-authorities-hacked."},{"key":"e_1_2_1_15_1","volume-title":"DANE and Deployment. NLnet Labs","author":"Kelkman O.M.","year":"2013","unstructured":"Kelkman , O.M. DNSSEC Musings: DigiNotar , DANE and Deployment. NLnet Labs , 2013 ; http:\/\/conference.apnic.net\/__data\/assets\/pdf_file\/0005\/58901\/dnssecdiginotar-dane_1361864377.pdf. Kelkman, O.M. DNSSEC Musings: DigiNotar, DANE and Deployment. NLnet Labs, 2013; http:\/\/conference.apnic.net\/__data\/assets\/pdf_file\/0005\/58901\/dnssecdiginotar-dane_1361864377.pdf."},{"unstructured":"Langley A. Certificate Transparency. ImperialViolet; http:\/\/www.imperialviolet.org\/2012\/11\/06\/certtrans.html.  Langley A. Certificate Transparency. ImperialViolet; http:\/\/www.imperialviolet.org\/2012\/11\/06\/certtrans.html.","key":"e_1_2_1_16_1"},{"key":"e_1_2_1_17_1","volume-title":"Real World Crypto","author":"Langley A.","year":"2013","unstructured":"Langley , A. Real World Crypto 2013 . ImperialViolet ; http:\/\/www.imperialviolet.org\/2013\/01\/13\/rwc03.html. Langley, A. Real World Crypto 2013. ImperialViolet; http:\/\/www.imperialviolet.org\/2013\/01\/13\/rwc03.html."},{"key":"e_1_2_1_18_1","volume-title":"CNET (Aug. 30, 2011","author":"Mills E.","year":"2009","unstructured":"Mills , E. Google users in Iran targeted in SSL spoof . CNET (Aug. 30, 2011 ); http:\/\/news.cnet.com\/8301-27080_3- 2009 9421-245\/google-users-in-irantargeted-in-ssl-spoof\/. Mills, E. Google users in Iran targeted in SSL spoof. CNET (Aug. 30, 2011); http:\/\/news.cnet.com\/8301-27080_3-20099421-245\/google-users-in-irantargeted-in-ssl-spoof\/."},{"key":"e_1_2_1_19_1","volume-title":"Mozilla CA certificate policy, version 2.1 (Feb. 14","author":"Mozilla","year":"2013","unstructured":"Mozilla . Mozilla CA certificate policy, version 2.1 (Feb. 14 , 2013 ); http:\/\/www.mozilla.org\/projects\/security\/certs\/policy\/. Mozilla. Mozilla CA certificate policy, version 2.1 (Feb. 14, 2013); http:\/\/www.mozilla.org\/projects\/security\/certs\/policy\/."},{"key":"e_1_2_1_20_1","volume-title":"The \"Certificate Authority\" trust model for SSL: a defective foundation for encrypted Web traffic and a legal quagmire. Intellectual Property & Technology Law Journal 22. 11","author":"Roosa S.B.","year":"2010","unstructured":"Roosa , S.B. , Schultze , S. The \"Certificate Authority\" trust model for SSL: a defective foundation for encrypted Web traffic and a legal quagmire. Intellectual Property & Technology Law Journal 22. 11 ( 2010 ), 3. Roosa, S.B., Schultze, S. The \"Certificate Authority\" trust model for SSL: a defective foundation for encrypted Web traffic and a legal quagmire. Intellectual Property & Technology Law Journal 22. 11 (2010), 3."},{"key":"e_1_2_1_21_1","volume-title":"Trust Darknet: control and compromise in the Internet's Certificate Authority Model","author":"Roosa S.B.","year":"2013","unstructured":"Roosa , S.B. and Schultze , S . Trust Darknet: control and compromise in the Internet's Certificate Authority Model , 2013 ; http:\/\/ssrn.com\/abstract=2249042. Roosa, S.B. and Schultze, S. Trust Darknet: control and compromise in the Internet's Certificate Authority Model, 2013; http:\/\/ssrn.com\/abstract=2249042."},{"key":"e_1_2_1_22_1","volume-title":"Information Rules","author":"Shapiro C.","year":"1998","unstructured":"Shapiro , C. and Varian , H . Information Rules . Harvard Business School Press , 1998 . Shapiro, C. and Varian, H. Information Rules. Harvard Business School Press, 1998."},{"doi-asserted-by":"publisher","key":"e_1_2_1_23_1","DOI":"10.1007\/978-3-642-27576-0_20"},{"key":"e_1_2_1_24_1","volume-title":"Survey of the SSL implementation of the most popular websites","author":"Trustworthy Internet Movement","year":"2014","unstructured":"Trustworthy Internet Movement . SSL-Pulse. Survey of the SSL implementation of the most popular websites , 2014 ; https:\/\/www.trustworthyinternet.org\/ssl-pulse\/. Trustworthy Internet Movement. SSL-Pulse. Survey of the SSL implementation of the most popular websites, 2014; https:\/\/www.trustworthyinternet.org\/ssl-pulse\/."},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the Workshop on Economics of Information Security","author":"Vratonjic N.","year":"2011","unstructured":"Vratonjic , N. , Freudiger , J. , Bindschaedler , V. and Hubaux , J . -P. The inconvenient truth about Web certificates . In Proceedings of the Workshop on Economics of Information Security , 2011 . Vratonjic, N., Freudiger, J., Bindschaedler, V. and Hubaux, J.-P. The inconvenient truth about Web certificates. In Proceedings of the Workshop on Economics of Information Security, 2011."}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660574","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2660574","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:04:05Z","timestamp":1750273445000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660574"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,9,23]]},"references-count":25,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2014,9,23]]}},"alternative-id":["10.1145\/2660574"],"URL":"https:\/\/doi.org\/10.1145\/2660574","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"type":"print","value":"0001-0782"},{"type":"electronic","value":"1557-7317"}],"subject":[],"published":{"date-parts":[[2014,9,23]]},"assertion":[{"value":"2014-09-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}