{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:11:08Z","timestamp":1771330268336,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,11,5]],"date-time":"2014-11-05T00:00:00Z","timestamp":1415145600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-1054233"],"award-info":[{"award-number":["CNS-1054233"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS- 1319019"],"award-info":[{"award-number":["CNS- 1319019"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-1150177"],"award-info":[{"award-number":["CNS-1150177"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,11,5]]},"DOI":"10.1145\/2663716.2663758","type":"proceedings-article","created":{"date-parts":[[2014,11,11]],"date-time":"2014-11-11T13:40:05Z","timestamp":1415713205000},"page":"489-502","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":59,"title":["Analysis of SSL certificate reissues and revocations in the wake of heartbleed"],"prefix":"10.1145","author":[{"given":"Liang","family":"Zhang","sequence":"first","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"David","family":"Choffnes","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"Dave","family":"Levin","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Tudor","family":"Dumitra\u015f","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Alan","family":"Mislove","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"Aaron","family":"Schulman","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA, USA"}]},{"given":"Christo","family":"Wilson","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]}],"member":"320","published-online":{"date-parts":[[2014,11,5]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Jan.","author":"D. E.","year":"2011","unstructured":"D. E. 3rd. Transport Layer Security (TLS) Extensions: Extension Definitions , Jan. 2011 . IETF RFC- 6066. D. E. 3rd. Transport Layer Security (TLS) Extensions: Extension Definitions, Jan. 2011. IETF RFC-6066."},{"key":"e_1_3_2_1_2_1","unstructured":"Alexa Top 1 Million Domains. http:\/\/s3.amazonaws.com\/alexa-static\/top-1m.csv.zip.  Alexa Top 1 Million Domains. http:\/\/s3.amazonaws.com\/alexa-static\/top-1m.csv.zip."},{"key":"e_1_3_2_1_3_1","series-title":"Revision 3","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-57p1r3","volume-title":"Recommendation for Key Management -- Part 1: General","author":"Barker E.","year":"2012","unstructured":"E. Barker , W. Barker , W. Burr , W. Polk , and M. Smid . Recommendation for Key Management -- Part 1: General ( Revision 3 ) , 2012 . NIST Special Publication 800--57. E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid. Recommendation for Key Management -- Part 1: General (Revision 3), 2012. NIST Special Publication 800--57."},{"key":"e_1_3_2_1_4_1","unstructured":"Botan SSL Library. http:\/\/botan.randombit.net.  Botan SSL Library. http:\/\/botan.randombit.net."},{"key":"e_1_3_2_1_5_1","unstructured":"CERT Vulnerability Note VU\\#720951: OpenSSL TLS heartbeat extension read overflow discloses sensitive information. http:\/\/www.kb.cert.org\/vuls\/id\/720951.  CERT Vulnerability Note VU\\#720951: OpenSSL TLS heartbeat extension read overflow discloses sensitive information. http:\/\/www.kb.cert.org\/vuls\/id\/720951."},{"key":"e_1_3_2_1_6_1","volume-title":"May","author":"Cooper D.","year":"2008","unstructured":"D. Cooper , S. Santesson , S. Farrell , S. Boeyen , R. Housley , and W. Polk . Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF RFC-5280 , May 2008 . D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF RFC-5280, May 2008."},{"key":"e_1_3_2_1_7_1","volume-title":"How certificate revocation (doesn't) work in practice","author":"Duncan R.","year":"2013","unstructured":"R. Duncan . How certificate revocation (doesn't) work in practice , 2013 . http:\/\/news.netcraft.com\/archives\/2013\/05\/13\/how-certificate-revocation-doesnt-work-in-practice.html. R. Duncan. How certificate revocation (doesn't) work in practice, 2013. http:\/\/news.netcraft.com\/archives\/2013\/05\/13\/how-certificate-revocation-doesnt-work-in-practice.html."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_10_1","volume-title":"ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX Security Symposium","author":"Durumeric Z.","year":"2013","unstructured":"Z. Durumeric , E. Wustrow , and J. A. Halderman . ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX Security Symposium , 2013 . Z. Durumeric, E. Wustrow, and J. A. Halderman. ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX Security Symposium, 2013."},{"key":"e_1_3_2_1_11_1","first-page":"18","author":"Eckersley P.","year":"2010","unstructured":"P. Eckersley and J. Burns . An observatory for the SSLiverse. In Defcon 18 , 2010 . https:\/\/www.eff.org\/files\/DefconSSLiverse.pdf. P. Eckersley and J. Burns. An observatory for the SSLiverse. In Defcon 18, 2010. https:\/\/www.eff.org\/files\/DefconSSLiverse.pdf.","journal-title":"An observatory for the SSLiverse. In Defcon"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24632-9_27"},{"key":"e_1_3_2_1_13_1","volume-title":"Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts","author":"Evans P.","year":"2014","unstructured":"P. Evans . Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts , 2014 . http:\/\/www.cbc.ca\/news\/business\/heartbleed-bug-rcmp-asked-revenue-canada-to-delay-news-of-sin-thefts-1.2609192. P. Evans. Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts, 2014. http:\/\/www.cbc.ca\/news\/business\/heartbleed-bug-rcmp-asked-revenue-canada-to-delay-news-of-sin-thefts-1.2609192."},{"key":"e_1_3_2_1_14_1","unstructured":"Faketime library. http:\/\/www.code-wizards.com\/projects\/libfaketime\/.  Faketime library. http:\/\/www.code-wizards.com\/projects\/libfaketime\/."},{"key":"e_1_3_2_1_15_1","volume-title":"Heartbleed disclosure timeline: who knew what and when","author":"Grubb B.","year":"2014","unstructured":"B. Grubb . Heartbleed disclosure timeline: who knew what and when , 2014 . http:\/\/www.smh.com.au\/it-pro\/security-it\/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html. B. Grubb. Heartbleed disclosure timeline: who knew what and when, 2014. http:\/\/www.smh.com.au\/it-pro\/security-it\/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html."},{"key":"e_1_3_2_1_16_1","volume-title":"USENIX Security Symposium","author":"Heninger N.","year":"2012","unstructured":"N. Heninger , Z. Durumeric , E. Wustrow , and J. A. Halderman . Mining your Ps and Qs: Detection of widespread weak keys . In USENIX Security Symposium , 2012 . N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman. Mining your Ps and Qs: Detection of widespread weak keys. In USENIX Security Symposium, 2012."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_1_18_1","unstructured":"Revocation doesn't work. https:\/\/www.imperialviolet.org\/2011\/03\/18\/revocation.html.  Revocation doesn't work. https:\/\/www.imperialviolet.org\/2011\/03\/18\/revocation.html."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251086.1251109"},{"key":"e_1_3_2_1_20_1","unstructured":"Mac OS X 10.9.2 Root Certificates. http:\/\/support.apple.com\/kb\/HT6005.  Mac OS X 10.9.2 Root Certificates. http:\/\/support.apple.com\/kb\/HT6005."},{"key":"e_1_3_2_1_21_1","volume-title":"PKI Research Workshop","author":"Micali S.","year":"2002","unstructured":"S. Micali . NOVOMODO : Scalable certificate validation and simplified PKI management . In PKI Research Workshop , 2002 . S. Micali. NOVOMODO: Scalable certificate validation and simplified PKI management. In PKI Research Workshop, 2002."},{"key":"e_1_3_2_1_22_1","volume-title":"Half a million widely trusted websites vulnerable to heartbleed bug","author":"Mutton P.","year":"2014","unstructured":"P. Mutton . Half a million widely trusted websites vulnerable to heartbleed bug , 2014 . http:\/\/news.netcraft.com\/archives\/2014\/04\/08\/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html. P. Mutton. Half a million widely trusted websites vulnerable to heartbleed bug, 2014. http:\/\/news.netcraft.com\/archives\/2014\/04\/08\/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html."},{"key":"e_1_3_2_1_23_1","volume-title":"USENIX Security Symposium","author":"Naor M.","year":"1998","unstructured":"M. Naor and K. Nissim . Certificate revocation and certificate update . In USENIX Security Symposium , 1998 . M. Naor and K. Nissim. Certificate revocation and certificate update. In USENIX Security Symposium, 1998."},{"key":"e_1_3_2_1_24_1","unstructured":"OpenSSL Project. https:\/\/www.openssl.org.  OpenSSL Project. https:\/\/www.openssl.org."},{"key":"e_1_3_2_1_25_1","volume-title":"RSA Conference","author":"Ramos T.","year":"2006","unstructured":"T. Ramos . The laws of vulnerabilities . In RSA Conference , 2006 . http:\/\/www.qualys.com\/docs\/Laws-Presentation.pdf. T. Ramos. The laws of vulnerabilities. In RSA Conference, 2006. http:\/\/www.qualys.com\/docs\/Laws-Presentation.pdf."},{"key":"e_1_3_2_1_26_1","unstructured":"Rapid7 SSL Certificate Scans. https:\/\/scans.io\/study\/sonar.ssl.  Rapid7 SSL Certificate Scans. https:\/\/scans.io\/study\/sonar.ssl."},{"key":"e_1_3_2_1_27_1","volume-title":"USENIX Security Symposium","author":"Rescorla E.","year":"2003","unstructured":"E. Rescorla . Security holes... Who cares? In USENIX Security Symposium , 2003 . E. Rescorla. Security holes... Who cares? In USENIX Security Symposium, 2003."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/647502.728327"},{"key":"e_1_3_2_1_29_1","volume-title":"June","author":"Santesson S.","year":"2013","unstructured":"S. Santesson , M. Myers , R. Ankney , A. Malpani , S. Galperin , and C. Adams . X. 509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , June 2013 . IETF RFC- 6960. S. Santesson, M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, June 2013. IETF RFC-6960."},{"key":"e_1_3_2_1_30_1","first-page":"6520","author":"Seggelmann R.","year":"2012","unstructured":"R. Seggelmann , M. Tuexen , and M. Williams . Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension , Feb. 2012 . IETF RFC- 6520 . R. Seggelmann, M. Tuexen, and M. Williams. Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension, Feb. 2012. IETF RFC-6520.","journal-title":"Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension"},{"key":"e_1_3_2_1_31_1","volume-title":"all CloudFlare certificates revoked and reissued","author":"Sullivan N.","year":"2014","unstructured":"N. Sullivan . The Heartbleed Aftermath : all CloudFlare certificates revoked and reissued , 2014 . http:\/\/blog.cloudflare.com\/the-heartbleed-aftermath-all-cloudflare-certificates-revoked-and-reissued. N. Sullivan. The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued, 2014. http:\/\/blog.cloudflare.com\/the-heartbleed-aftermath-all-cloudflare-certificates-revoked-and-reissued."},{"key":"e_1_3_2_1_32_1","volume-title":"The Results of the CloudFlare Challenge","author":"Sullivan N.","year":"2014","unstructured":"N. Sullivan . The Results of the CloudFlare Challenge , 2014 . http:\/\/blog.cloudflare.com\/the-results-of-the-cloudflare-challenge. N. Sullivan. The Results of the CloudFlare Challenge, 2014. http:\/\/blog.cloudflare.com\/the-results-of-the-cloudflare-challenge."},{"key":"e_1_3_2_1_33_1","unstructured":"The GnuTLS Transport Layer Security Library. http:\/\/www.gnutls.org.  The GnuTLS Transport Layer Security Library. http:\/\/www.gnutls.org."},{"key":"e_1_3_2_1_34_1","volume-title":"Web 2.0 Security & Privacy (W2SP)","author":"Topalovic E.","year":"2012","unstructured":"E. Topalovic , B. Saeta , L.-S. Huang , C. Jackson , and D. Boneh . Toward short-lived certificates . In Web 2.0 Security & Privacy (W2SP) , 2012 . E. Topalovic, B. Saeta, L.-S. Huang, C. Jackson, and D. Boneh. Toward short-lived certificates. In Web 2.0 Security & Privacy (W2SP), 2012."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644896"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/956981.956991"},{"key":"e_1_3_2_1_37_1","unstructured":"ZMap Vulnerable Hosts. https:\/\/zmap.io\/heartbleed\/vulnerable.html.  ZMap Vulnerable Hosts. https:\/\/zmap.io\/heartbleed\/vulnerable.html."}],"event":{"name":"IMC '14: Internet Measurement Conference","location":"Vancouver BC Canada","acronym":"IMC '14","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication","USENIX Assoc USENIX Assoc"]},"container-title":["Proceedings of the 2014 Conference on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2663716.2663758","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2663716.2663758","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:56:18Z","timestamp":1750229778000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2663716.2663758"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,5]]},"references-count":37,"alternative-id":["10.1145\/2663716.2663758","10.1145\/2663716"],"URL":"https:\/\/doi.org\/10.1145\/2663716.2663758","relation":{},"subject":[],"published":{"date-parts":[[2014,11,5]]},"assertion":[{"value":"2014-11-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}