{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:32:38Z","timestamp":1750221158665,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,29]],"date-time":"2018-05-29T00:00:00Z","timestamp":1527552000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"SUTD SRG ISTD","award":["2017 128"],"award-info":[{"award-number":["2017 128"]}]},{"name":"IITP\/MSIT","award":["2016-0-00157"],"award-info":[{"award-number":["2016-0-00157"]}]},{"name":"FP7","award":["617605"],"award-info":[{"award-number":["617605"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,29]]},"DOI":"10.1145\/3196494.3196520","type":"proceedings-article","created":{"date-parts":[[2018,5,31]],"date-time":"2018-05-31T13:18:28Z","timestamp":1527772708000},"page":"637-649","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Towards Sustainable Evolution for the TLS Public-Key Infrastructure"],"prefix":"10.1145","author":[{"given":"Taeho","family":"Lee","sequence":"first","affiliation":[{"name":"ETH Z\u00fcrich, Z\u00fcrich, Switzerland"}]},{"given":"Christos","family":"Pappas","sequence":"additional","affiliation":[{"name":"ETH Z\u00fcrich, Z\u00fcrich, Switzerland"}]},{"given":"Pawel","family":"Szalachowski","sequence":"additional","affiliation":[{"name":"SUTD, Singapore, Singapore"}]},{"given":"Adrian","family":"Perrig","sequence":"additional","affiliation":[{"name":"ETH Z\u00fcrich, Z\u00fcrich, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2018,5,29]]},"reference":[{"unstructured":"\"Let's Encrypt!\" \"https:\/\/letsencrypt.org\/\".  \"Let's Encrypt!\" \"https:\/\/letsencrypt.org\/\".","key":"e_1_3_2_1_1_1"},{"key":"e_1_3_2_1_2_1","volume-title":"Shedding Light on the Adoption of Let's Encrypt,\" arXiv preprint arXiv:1611.00469","author":"Manousis A.","year":"2016","unstructured":"A. Manousis , R. Ragsdale , B. Draffin , A. Agrawal , and V. Sekar , \" Shedding Light on the Adoption of Let's Encrypt,\" arXiv preprint arXiv:1611.00469 , 2016 . A. Manousis, R. Ragsdale, B. Draffin, A. Agrawal, and V. Sekar, \"Shedding Light on the Adoption of Let's Encrypt,\" arXiv preprint arXiv:1611.00469, 2016."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_3_1","DOI":"10.1145\/3106328.3106338"},{"unstructured":"\"AWS Certificate Manager Pricing \" \"http:\/\/amzn.to\/2k7NyO0\".  \"AWS Certificate Manager Pricing \" \"http:\/\/amzn.to\/2k7NyO0\".","key":"e_1_3_2_1_4_1"},{"unstructured":"\"Introducing Universal SSL \" \"http:\/\/bit.ly\/1rvItNz\".  \"Introducing Universal SSL \" \"http:\/\/bit.ly\/1rvItNz\".","key":"e_1_3_2_1_5_1"},{"key":"e_1_3_2_1_7_1","volume-title":"A Proposal to Make HTTPS and Email More Secure,\" \"http:\/\/bit.ly\/2jSH9Jd","author":"Sovereign Keys EFF","year":"2011","unstructured":"EFF , \" Sovereign Keys : A Proposal to Make HTTPS and Email More Secure,\" \"http:\/\/bit.ly\/2jSH9Jd \", 2011 . EFF, \"Sovereign Keys: A Proposal to Make HTTPS and Email More Secure,\" \"http:\/\/bit.ly\/2jSH9Jd\", 2011."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_8_1","DOI":"10.1145\/2488388.2488448"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_9_1","DOI":"10.1145\/2660267.2660298"},{"key":"e_1_3_2_1_10_1","volume-title":"IETF","author":"Cooper D.","year":"2008","unstructured":"D. Cooper , S. Santesson , S. Farrell , S. Boeyen , R. Housley , and W. Polk , \" Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,\" RFC 5280 , IETF , 2008 . D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk, \"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,\" RFC 5280, IETF, 2008."},{"unstructured":"A. Langley \"Revocation Checking and Chrome's CRL \" \"http:\/\/bit.ly\/2k7DCE9\" 2015.  A. Langley \"Revocation Checking and Chrome's CRL \" \"http:\/\/bit.ly\/2k7DCE9\" 2015.","key":"e_1_3_2_1_11_1"},{"unstructured":"\"Mozilla's Revocation Plan \" \"https:\/\/wiki.mozilla.org\/CA:RevocationPlan\".  \"Mozilla's Revocation Plan \" \"https:\/\/wiki.mozilla.org\/CA:RevocationPlan\".","key":"e_1_3_2_1_12_1"},{"key":"e_1_3_2_1_13_1","volume-title":"IETF","author":"Santesson S.","year":"2013","unstructured":"S. Santesson , M. Myers , R. Ankney , A. Malpani , S. Galperin , and C. Adams , \" X. 509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP,\" RFC 6960 , IETF , 2013 . S. Santesson, M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams, \"X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP,\" RFC 6960, IETF, 2013."},{"doi-asserted-by":"crossref","unstructured":"Y. Pettersen \"The Transport Layer Security (TLS) Multiple Certificate Status Request Extension \" RFC 6961 IETF 2013.  Y. Pettersen \"The Transport Layer Security (TLS) Multiple Certificate Status Request Extension \" RFC 6961 IETF 2013.","key":"e_1_3_2_1_14_1","DOI":"10.17487\/rfc6961"},{"key":"e_1_3_2_1_15_1","volume-title":"RITM: Revocation in the Middle,\" in Proc. of the IEEE International Conference on Distributed Computing Systems (ICDCS)","author":"Szalachowski P.","year":"2016","unstructured":"P. Szalachowski , L. Chuat , T. Lee , and A. Perrig , \" RITM: Revocation in the Middle,\" in Proc. of the IEEE International Conference on Distributed Computing Systems (ICDCS) , 2016 . P. Szalachowski, L. Chuat, T. Lee, and A. Perrig, \"RITM: Revocation in the Middle,\" in Proc. of the IEEE International Conference on Distributed Computing Systems (ICDCS), 2016."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.1145\/2660267.2660355"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_17_1","DOI":"10.1145\/2815675.2815685"},{"unstructured":"\"Certificate Transparency Will Be Mandatory in Chrome \" \"http:\/\/ibm.co\/2eGf9SC\".  \"Certificate Transparency Will Be Mandatory in Chrome \" \"http:\/\/ibm.co\/2eGf9SC\".","key":"e_1_3_2_1_18_1"},{"key":"e_1_3_2_1_19_1","volume-title":"Standardizing the Next Generation Public Key Infrastructure,\" in Proc. of the Workshop on Improving Trust in the Online Market- place","author":"Tschofenig H.","year":"2013","unstructured":"H. Tschofenig and T. Gondrom , \" Standardizing the Next Generation Public Key Infrastructure,\" in Proc. of the Workshop on Improving Trust in the Online Market- place , 2013 . H. Tschofenig and T. Gondrom, \"Standardizing the Next Generation Public Key Infrastructure,\" in Proc. of the Workshop on Improving Trust in the Online Market- place, 2013."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1145\/2342356.2342382"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_21_1","DOI":"10.1109\/TNET.2007.893888"},{"key":"e_1_3_2_1_22_1","volume-title":"XIA: Efficient Support for Evolvable Internetworking,\" in Proc. of the USENIX Conference on Networked Systems Design and Implementation (NSDI)","author":"Han D.","year":"2012","unstructured":"D. Han , A. Anand , F. Dogar , B. Li , H. Lim , M. Machado , A Mukundan , W. Wu , A. Akella , D. G. Andersen , J. W. Byers , S. Seshan , and P. Steenkiste , \" XIA: Efficient Support for Evolvable Internetworking,\" in Proc. of the USENIX Conference on Networked Systems Design and Implementation (NSDI) , 2012 . D. Han, A. Anand, F. Dogar, B. Li, H. Lim, M. Machado, A Mukundan, W. Wu, A. Akella, D. G. Andersen, J. W. Byers, S. Seshan, and P. Steenkiste, \"XIA: Efficient Support for Evolvable Internetworking,\" in Proc. of the USENIX Conference on Networked Systems Design and Implementation (NSDI), 2012."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_23_1","DOI":"10.1145\/2834050.2834101"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_24_1","DOI":"10.1145\/1080091.1080128"},{"key":"e_1_3_2_1_25_1","volume-title":"Perspectives: Improving ssh-style host authentication with multi-path probing.\" in Proc. of the USENIX Annual Technical Conference (ATC)","author":"Wendlandt D.","year":"2008","unstructured":"D. Wendlandt , D. G. Andersen , and A. Perrig , \" Perspectives: Improving ssh-style host authentication with multi-path probing.\" in Proc. of the USENIX Annual Technical Conference (ATC) , 2008 . D. Wendlandt, D. G. Andersen, and A. Perrig, \"Perspectives: Improving ssh-style host authentication with multi-path probing.\" in Proc. of the USENIX Annual Technical Conference (ATC), 2008."},{"unstructured":"M. Marlinspike \"Convergence \" http:\/\/convergence.io 2011.  M. Marlinspike \"Convergence \" http:\/\/convergence.io 2011.","key":"e_1_3_2_1_26_1"},{"key":"e_1_3_2_1_27_1","volume-title":"Proc. of the Network and Distributed System Security Symposium (NDSS)","author":"Ryan M. D.","year":"2014","unstructured":"M. D. Ryan , \" Enhanced Certificate Transparency and End-to- End Encrypted Mail ,\" in Proc. of the Network and Distributed System Security Symposium (NDSS) , 2014 . M. D. Ryan, \"Enhanced Certificate Transparency and End-to-End Encrypted Mail,\" in Proc. of the Network and Distributed System Security Symposium (NDSS), 2014."},{"key":"e_1_3_2_1_28_1","volume-title":"DTKI: a new formalized PKI with no trusted parties,\" arXiv preprint arXiv:1408.1023","author":"Cheval V.","year":"2014","unstructured":"V. Cheval , M. Ryan , and J. Yu , \" DTKI: a new formalized PKI with no trusted parties,\" arXiv preprint arXiv:1408.1023 , 2014 . V. Cheval, M. Ryan, and J. Yu, \"DTKI: a new formalized PKI with no trusted parties,\" arXiv preprint arXiv:1408.1023, 2014."},{"key":"e_1_3_2_1_29_1","volume-title":"TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication,\" in Proc. of the USENIX Security Symposium (USENIX Security)","author":"O'Neill M.","year":"2017","unstructured":"M. O'Neill , S. Heidbrink , S. Ruoti , J. Whitehead , D. Bunker , L. Dickinson , T. Hendershot , J. Reynolds , K. Seamons , and D. Zappala , \" TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication,\" in Proc. of the USENIX Security Symposium (USENIX Security) , 2017 . M. O'Neill, S. Heidbrink, S. Ruoti, J. Whitehead, D. Bunker, L. Dickinson, T. Hendershot, J. Reynolds, K. Seamons, and D. Zappala, \"TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication,\" in Proc. of the USENIX Security Symposium (USENIX Security), 2017."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1145\/2660267.2660338"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_31_1","DOI":"10.1145\/2342356.2342359"},{"key":"e_1_3_2_1_32_1","volume-title":"IETF","author":"D. E.","year":"2011","unstructured":"D. E. 3rd, \" Transport Layer Security (TLS) Extensions : Extension Definitions,\" RFC 6066 , IETF , 2011 . D. E. 3rd, \"Transport Layer Security (TLS) Extensions: Extension Definitions,\" RFC 6066, IETF, 2011."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1145\/2674005.2674991"},{"key":"e_1_3_2_1_34_1","volume-title":"IETF","author":"Ferguson P.","year":"2000","unstructured":"P. Ferguson and D. Senie , \" Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing,\" RFC 2827 , IETF , 2000 . P. Ferguson and D. Senie, \"Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing,\" RFC 2827, IETF, 2000."},{"doi-asserted-by":"crossref","unstructured":"R. C. Merkle \"A Digital Signature Based on a Conventional Encryption Function \" in Proc.edings of Advances in Cryptology 1988.   R. C. Merkle \"A Digital Signature Based on a Conventional Encryption Function \" in Proc.edings of Advances in Cryptology 1988.","key":"e_1_3_2_1_35_1","DOI":"10.1007\/3-540-48184-2_32"},{"key":"e_1_3_2_1_36_1","volume-title":"Gossiping in CT,\" Internet-Draft draft-linus-trans-gossip-ct-04","author":"Nordberg L.","year":"2017","unstructured":"L. Nordberg , D. Gillmor , and T. Ritter , \" Gossiping in CT,\" Internet-Draft draft-linus-trans-gossip-ct-04 , 2017 . L. Nordberg, D. Gillmor, and T. Ritter, \"Gossiping in CT,\" Internet-Draft draft-linus-trans-gossip-ct-04, 2017."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_37_1","DOI":"10.1145\/2976749.2978404"},{"key":"e_1_3_2_1_38_1","volume-title":"Secure Hash Standard,\" http:\/\/bit.ly\/1nIPyYX","author":"NIST","year":"2012","unstructured":"NIST , \"FIPS 180--4 , Secure Hash Standard,\" http:\/\/bit.ly\/1nIPyYX , 2012 . NIST, \"FIPS 180--4, Secure Hash Standard,\" http:\/\/bit.ly\/1nIPyYX, 2012."},{"doi-asserted-by":"crossref","unstructured":"D. J. Bernstein N. Duif T. Lange P. Schwabe and B.-Y. Yang \"High-speed High-security Signatures \" Journal of Cryptographic Engineering 2012.  D. J. Bernstein N. Duif T. Lange P. Schwabe and B.-Y. Yang \"High-speed High-security Signatures \" Journal of Cryptographic Engineering 2012.","key":"e_1_3_2_1_39_1","DOI":"10.1007\/s13389-012-0027-1"},{"unstructured":"\"Internet Users by Country \" \"http:\/\/bit.ly\/1ywyEl8\" 2016.  \"Internet Users by Country \" \"http:\/\/bit.ly\/1ywyEl8\" 2016.","key":"e_1_3_2_1_40_1"},{"unstructured":"\"Internet Users \" \"http:\/\/bit.ly\/RdZ6QH\".  \"Internet Users \" \"http:\/\/bit.ly\/RdZ6QH\".","key":"e_1_3_2_1_41_1"},{"unstructured":"AWS \"Summary of the Amazon S3 Service Disruption in the Northern Virginia \" \"https:\/\/aws.amazon.com\/message\/41926\/\" 2017.  AWS \"Summary of the Amazon S3 Service Disruption in the Northern Virginia \" \"https:\/\/aws.amazon.com\/message\/41926\/\" 2017.","key":"e_1_3_2_1_42_1"},{"key":"e_1_3_2_1_43_1","volume-title":"IETF","author":"Paxson V.","year":"2011","unstructured":"V. Paxson , M. Allman , J. Chu , and M. Sargent , \" Computing TCP's Retransmission Timer,\" RFC 6298 , IETF , Jun. 2011 . V. Paxson, M. Allman, J. Chu, and M. Sargent, \"Computing TCP's Retransmission Timer,\" RFC 6298, IETF, Jun. 2011."},{"unstructured":"Google \"QUIC Loss Detection and Congestion Control \"http:\/\/bit.ly\/2pNN5Tw\" 2011.  Google \"QUIC Loss Detection and Congestion Control \"http:\/\/bit.ly\/2pNN5Tw\" 2011.","key":"e_1_3_2_1_44_1"},{"unstructured":"J. Roskind \"Quick UDP Internet Connections \" \"http:\/\/bit.ly\/2rjBgpb\" 2013.  J. Roskind \"Quick UDP Internet Connections \" \"http:\/\/bit.ly\/2rjBgpb\" 2013.","key":"e_1_3_2_1_45_1"},{"key":"e_1_3_2_1_46_1","volume-title":"QUIC: A UDP-Based Secure and Reliable Transport for HTTP\/2,\" \"http:\/\/bit.ly\/2qs0kMz","author":"Hamilton R.","year":"2016","unstructured":"R. Hamilton , J. Iyengar , I. Swett , and A. Wilk , \" QUIC: A UDP-Based Secure and Reliable Transport for HTTP\/2,\" \"http:\/\/bit.ly\/2qs0kMz \", 2016 . R. Hamilton, J. Iyengar, I. Swett, and A. Wilk, \"QUIC: A UDP-Based Secure and Reliable Transport for HTTP\/2,\" \"http:\/\/bit.ly\/2qs0kMz\", 2016."},{"key":"e_1_3_2_1_47_1","volume-title":"Validating security protocols with cloud-based middleboxes,\" in Proc. of the IEEE Conference on Communications and Network Security (CNS)","author":"Taylor C. R.","year":"2016","unstructured":"C. R. Taylor and C. A. Shue , \" Validating security protocols with cloud-based middleboxes,\" in Proc. of the IEEE Conference on Communications and Network Security (CNS) , 2016 . C. R. Taylor and C. A. Shue, \"Validating security protocols with cloud-based middleboxes,\" in Proc. of the IEEE Conference on Communications and Network Security (CNS), 2016."},{"unstructured":"E. Rescorla \"The transport layer security (TLS) protocol version 1.3 \" 2016.  E. Rescorla \"The transport layer security (TLS) protocol version 1.3 \" 2016.","key":"e_1_3_2_1_48_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_49_1","DOI":"10.1145\/2897845.2897895"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_50_1","DOI":"10.1145\/2973750.2973766"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_51_1","DOI":"10.1145\/3139294"}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"ASIA CCS '18","name":"ASIA CCS '18: ACM Asia Conference on Computer and Communications Security","location":"Incheon Republic of Korea"},"container-title":["Proceedings of the 2018 on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196520","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3196494.3196520","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:39Z","timestamp":1750208919000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196520"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,29]]},"references-count":50,"alternative-id":["10.1145\/3196494.3196520","10.1145\/3196494"],"URL":"https:\/\/doi.org\/10.1145\/3196494.3196520","relation":{},"subject":[],"published":{"date-parts":[[2018,5,29]]},"assertion":[{"value":"2018-05-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}