{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T15:36:23Z","timestamp":1778168183467,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":121,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T00:00:00Z","timestamp":1572998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1409505"],"award-info":[{"award-number":["CNS-1409505"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS- 1518888"],"award-info":[{"award-number":["CNS- 1518888"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1345254"],"award-info":[{"award-number":["CNS-1345254"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,6]]},"DOI":"10.1145\/3319535.3363192","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T13:08:32Z","timestamp":1573132112000},"page":"2473-2487","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":100,"title":["Let's Encrypt"],"prefix":"10.1145","author":[{"given":"Josh","family":"Aas","sequence":"first","affiliation":[{"name":"Let's Encrypt, San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Richard","family":"Barnes","sequence":"additional","affiliation":[{"name":"Cisco, San Jose, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Benton","family":"Case","sequence":"additional","affiliation":[{"name":"Stanford University, Palo Alto, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zakir","family":"Durumeric","sequence":"additional","affiliation":[{"name":"Stanford University, Palo Alto, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peter","family":"Eckersley","sequence":"additional","affiliation":[{"name":"Electronic Frontier Foundation, San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alan","family":"Flores-L\u00f3pez","sequence":"additional","affiliation":[{"name":"Stanford University, Palo Alto, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J. Alex","family":"Halderman","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jacob","family":"Hoffman-Andrews","sequence":"additional","affiliation":[{"name":"Electronic Frontier Foundation, San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"James","family":"Kasten","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eric","family":"Rescorla","sequence":"additional","affiliation":[{"name":"Mozilla, San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Seth","family":"Schoen","sequence":"additional","affiliation":[{"name":"Electronic Frontier Foundation, San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brad","family":"Warren","sequence":"additional","affiliation":[{"name":"Electronic Frontier Foundation, San Francisco, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2019,11,6]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"Josh Aas. 2014. Let's Encrypt: Delivering SSL\/TLS Everywhere. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2014\/11\/18\/announcing-lets-encrypt.html  Josh Aas. 2014. Let's Encrypt: Delivering SSL\/TLS Everywhere. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2014\/11\/18\/announcing-lets-encrypt.html"},{"key":"e_1_3_2_2_2_1","unstructured":"Josh Aas. 2015a. Entering Public Beta. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2015\/12\/03\/entering-public-beta.html  Josh Aas. 2015a. Entering Public Beta. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2015\/12\/03\/entering-public-beta.html"},{"key":"e_1_3_2_2_3_1","unstructured":"Josh Aas. 2015b. Let's Encrypt is Trusted. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2015\/10\/19\/lets-encrypt-is-trusted.html  Josh Aas. 2015b. Let's Encrypt is Trusted. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2015\/10\/19\/lets-encrypt-is-trusted.html"},{"key":"e_1_3_2_2_4_1","unstructured":"Josh Aas. 2015c. Our First Certificate Is Now Live. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2015\/09\/14\/our-first-cert.html  Josh Aas. 2015c. Our First Certificate Is Now Live. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2015\/09\/14\/our-first-cert.html"},{"key":"e_1_3_2_2_5_1","unstructured":"Josh Aas. 2018a. Issue with TLS-SNI-01 and Shared Hosting Infrastructure. Let's Encrypt Community Forum. https:\/\/community.letsencrypt.org\/t\/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure\/49996  Josh Aas. 2018a. Issue with TLS-SNI-01 and Shared Hosting Infrastructure. Let's Encrypt Community Forum. https:\/\/community.letsencrypt.org\/t\/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure\/49996"},{"key":"e_1_3_2_2_6_1","unstructured":"Josh Aas. 2018b. Let's Encrypt Root Trusted By All Major Root Programs. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2018\/08\/06\/trusted-by-all-major-root-programs.html  Josh Aas. 2018b. Let's Encrypt Root Trusted By All Major Root Programs. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2018\/08\/06\/trusted-by-all-major-root-programs.html"},{"key":"e_1_3_2_2_7_1","unstructured":"Josh Aas. 2019. Transitioning to ISRG's Root. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2019\/04\/15\/transitioning-to-isrg-root.html  Josh Aas. 2019. Transitioning to ISRG's Root. Let's Encrypt Blog. https:\/\/letsencrypt.org\/2019\/04\/15\/transitioning-to-isrg-root.html"},{"key":"e_1_3_2_2_8_1","volume-title":"HTTPS Everywhere: Encryption for All WordPress.com Sites","author":"Abrahamson Barry","year":"2016","unstructured":"Barry Abrahamson . 2016. HTTPS Everywhere: Encryption for All WordPress.com Sites . The WordPress.com Blog . https:\/\/en.blog.wordpress.com\/ 2016 \/04\/08\/https-everywhere-encryption-for-all-wordpress-com-sites\/ Barry Abrahamson. 2016. HTTPS Everywhere: Encryption for All WordPress.com Sites. The WordPress.com Blog. https:\/\/en.blog.wordpress.com\/2016\/04\/08\/https-everywhere-encryption-for-all-wordpress-com-sites\/"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134007"},{"key":"#cr-split#-e_1_3_2_2_10_1.1","doi-asserted-by":"crossref","unstructured":"C. Adams S. Farrell T. Kause and T. Mononen. 2005. Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP). RFC 4210. IETF. https:\/\/doi.org\/10.17487\/RFC4210 10.17487\/RFC4210","DOI":"10.17487\/rfc4210"},{"key":"#cr-split#-e_1_3_2_2_10_1.2","doi-asserted-by":"crossref","unstructured":"C. Adams S. Farrell T. Kause and T. Mononen. 2005. Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP). RFC 4210. IETF. https:\/\/doi.org\/10.17487\/RFC4210","DOI":"10.17487\/rfc4210"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_2_12_1","unstructured":"Akamai. 2018. Certificate Provisioning System API v2. Akamai Developer. https:\/\/developer.akamai.com\/api\/core_features\/certificate_provisioning_system\/v2.html  Akamai. 2018. Certificate Provisioning System API v2. Akamai Developer. https:\/\/developer.akamai.com\/api\/core_features\/certificate_provisioning_system\/v2.html"},{"key":"e_1_3_2_2_13_1","volume-title":"Lucky Thirteen: Breaking the TLS and DTLS Record Protocols. In 34th IEEE Symposium on Security and Privacy (S&P '13)","author":"Nadhem","year":"2013","unstructured":"Nadhem J. Al Fardan and Kenneth G. Paterson. 2013 . Lucky Thirteen: Breaking the TLS and DTLS Record Protocols. In 34th IEEE Symposium on Security and Privacy (S&P '13) . IEEE, New York, NY, USA, 526--540. https:\/\/doi.org\/10.1109\/SP. 2013 .42 10.1109\/SP.2013.42 Nadhem J. Al Fardan and Kenneth G. Paterson. 2013. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols. In 34th IEEE Symposium on Security and Privacy (S&P '13). IEEE, New York, NY, USA, 526--540. https:\/\/doi.org\/10.1109\/SP.2013.42"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131401"},{"key":"e_1_3_2_2_15_1","unstructured":"Apache HTTP Server Project. 2019. Apache Module mod_md. Apache HTTP Server Version 2.5. https:\/\/httpd.apache.org\/docs\/trunk\/mod\/mod_md.html  Apache HTTP Server Project. 2019. Apache Module mod_md. Apache HTTP Server Version 2.5. https:\/\/httpd.apache.org\/docs\/trunk\/mod\/mod_md.html"},{"key":"e_1_3_2_2_16_1","unstructured":"ASUS. 2019. How to Enable HTTPS and Create a Certificate by Using ASUS Let's Encrypt? Support FAQ. https:\/\/www.asus.com\/us\/support\/FAQ\/1034294\/  ASUS. 2019. How to Enable HTTPS and Create a Certificate by Using ASUS Let's Encrypt? Support FAQ. https:\/\/www.asus.com\/us\/support\/FAQ\/1034294\/"},{"key":"e_1_3_2_2_17_1","volume-title":"25th USENIX Security Symposium (USENIX Security '16)","author":"Aviram Nimrod","year":"2016","unstructured":"Nimrod Aviram , Sebastian Schinzel , Juraj Somorovsky , Nadia Heninger , Maik Dankel , Jens Steube , Luke Valenta , David Adrian , J. Alex Halderman , Viktor Dukhovni , Emilia K\"asper, Shaanan Cohney , Susanne Engels , Christof Paar , and Yuval Shavitt . 2016 . DROWN: Breaking TLS Using SSLv2 . In 25th USENIX Security Symposium (USENIX Security '16) . USENIX Association, Berkeley, CA, USA, 689--706. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity16\/sec16_paper_aviram.pdf Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia K\"asper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt. 2016. DROWN: Breaking TLS Using SSLv2. In 25th USENIX Security Symposium (USENIX Security '16). USENIX Association, Berkeley, CA, USA, 689--706. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity16\/sec16_paper_aviram.pdf"},{"key":"e_1_3_2_2_18_1","unstructured":"AVM GmbH. 2019. MyFRITZ! Internetzugriff auf Ihre FRITZ!Box nun ohne Sicherheitshinweise im Browser. FRITZ! Labor. https:\/\/avm.de\/fritz-labor\/weitere-produkte\/neues-verbesserungen\/lets-encrypt\/  AVM GmbH. 2019. MyFRITZ! Internetzugriff auf Ihre FRITZ!Box nun ohne Sicherheitshinweise im Browser. FRITZ! Labor. https:\/\/avm.de\/fritz-labor\/weitere-produkte\/neues-verbesserungen\/lets-encrypt\/"},{"key":"#cr-split#-e_1_3_2_2_19_1.1","doi-asserted-by":"crossref","unstructured":"Richard Barnes. 2011. Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE). RFC 6394. IETF. https:\/\/doi.org\/10.17487\/RFC6394 10.17487\/RFC6394","DOI":"10.17487\/rfc6394"},{"key":"#cr-split#-e_1_3_2_2_19_1.2","doi-asserted-by":"crossref","unstructured":"Richard Barnes. 2011. Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE). RFC 6394. IETF. https:\/\/doi.org\/10.17487\/RFC6394","DOI":"10.17487\/rfc6394"},{"key":"#cr-split#-e_1_3_2_2_20_1.1","doi-asserted-by":"crossref","unstructured":"Richard Barnes Jacob Hoffman-Andrews Daniel McCarney and James Kasten. 2019. Automated Certificate Management Environment (ACME). RFC 8555. IETF. https:\/\/doi.org\/10.17487\/RFC8555 10.17487\/RFC8555","DOI":"10.17487\/RFC8555"},{"key":"#cr-split#-e_1_3_2_2_20_1.2","doi-asserted-by":"crossref","unstructured":"Richard Barnes Jacob Hoffman-Andrews Daniel McCarney and James Kasten. 2019. Automated Certificate Management Environment (ACME). RFC 8555. IETF. https:\/\/doi.org\/10.17487\/RFC8555","DOI":"10.17487\/RFC8555"},{"key":"#cr-split#-e_1_3_2_2_21_1.1","doi-asserted-by":"crossref","unstructured":"Adam Barth. 2011. The Web Origin Concept. RFC 6454. IETF. https:\/\/doi.org\/10.17487\/RFC6454 10.17487\/RFC6454","DOI":"10.17487\/rfc6454"},{"key":"#cr-split#-e_1_3_2_2_21_1.2","doi-asserted-by":"crossref","unstructured":"Adam Barth. 2011. The Web Origin Concept. RFC 6454. IETF. https:\/\/doi.org\/10.17487\/RFC6454","DOI":"10.17487\/rfc6454"},{"key":"e_1_3_2_2_22_1","volume-title":"On the Usability of HTTPS Deployment. In 2019 ACM Conference on Human Factors in Computing Systems (CHI '19)","author":"Bernhard Matthew","unstructured":"Matthew Bernhard , Jonathan Sharman , Claudia Ziegler Acemyan , Philip Kortum , Dan Wallach , and J. Alex Halderman . 2019 . On the Usability of HTTPS Deployment. In 2019 ACM Conference on Human Factors in Computing Systems (CHI '19) . ACM, New York, NY, USA, 10 pages. https:\/\/doi.org\/10.1145\/3290605.3300540 10.1145\/3290605.3300540 Matthew Bernhard, Jonathan Sharman, Claudia Ziegler Acemyan, Philip Kortum, Dan Wallach, and J. Alex Halderman. 2019. On the Usability of HTTPS Deployment. In 2019 ACM Conference on Human Factors in Computing Systems (CHI '19). ACM, New York, NY, USA, 10 pages. https:\/\/doi.org\/10.1145\/3290605.3300540"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_2_24_1","volume-title":"Formal Modeling and Verification for Domain Validation and ACME. In 21st International Conference on Financial Cryptography and Data Security (FC '17)","author":"Bhargavan Karthikeyan","year":"2017","unstructured":"Karthikeyan Bhargavan , Antoine Delignat-Lavaud , and Nadim Kobeissi . 2017 . Formal Modeling and Verification for Domain Validation and ACME. In 21st International Conference on Financial Cryptography and Data Security (FC '17) . Springer, New York, NY, USA, 561--578. https:\/\/doi.org\/10.1007\/978--3--319--70972--7_32 10.1007\/978--3--319--70972--7_32 Karthikeyan Bhargavan, Antoine Delignat-Lavaud, and Nadim Kobeissi. 2017. Formal Modeling and Verification for Domain Validation and ACME. In 21st International Conference on Financial Cryptography and Data Security (FC '17). Springer, New York, NY, USA, 561--578. https:\/\/doi.org\/10.1007\/978--3--319--70972--7_32"},{"key":"e_1_3_2_2_25_1","volume-title":"HotPETS","author":"Birge-Lee Henry","year":"2017","unstructured":"Henry Birge-Lee , Yixin Sun , Annie Edmundson , Jennifer Rexford , and Prateek Mittal . 2017. Using BGP to Acquire Bogus TLS Certificates . In HotPETS 2017 . 2 pages. https:\/\/petsymposium.org\/2017\/papers\/hotpets\/bgp-bogus-tls.pdf Henry Birge-Lee, Yixin Sun, Annie Edmundson, Jennifer Rexford, and Prateek Mittal. 2017. Using BGP to Acquire Bogus TLS Certificates. In HotPETS 2017. 2 pages. https:\/\/petsymposium.org\/2017\/papers\/hotpets\/bgp-bogus-tls.pdf"},{"key":"e_1_3_2_2_26_1","volume-title":"Bamboozling Certificate Authorities with BGP. In 27th USENIX Security Symposium (USENIX Security '18)","author":"Birge-Lee Henry","year":"2018","unstructured":"Henry Birge-Lee , Yixin Sun , Anne Edmundson , Jennifer Rexford , and Prateek Mittal . 2018 . Bamboozling Certificate Authorities with BGP. In 27th USENIX Security Symposium (USENIX Security '18) . USENIX Association, Berkeley, CA, USA, 833--849. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity18\/sec18-birge-lee.pdf Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, and Prateek Mittal. 2018. Bamboozling Certificate Authorities with BGP. In 27th USENIX Security Symposium (USENIX Security '18). USENIX Association, Berkeley, CA, USA, 833--849. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity18\/sec18-birge-lee.pdf"},{"key":"#cr-split#-e_1_3_2_2_27_1.1","doi-asserted-by":"crossref","unstructured":"Simon Blake-Wilson Nelson Bolyard Vipul Gupta Chris Hawk and Bodo Moeller. 2006. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC 4492. IETF. https:\/\/doi.org\/10.17487\/RFC4492 10.17487\/RFC4492","DOI":"10.17487\/rfc4492"},{"key":"#cr-split#-e_1_3_2_2_27_1.2","doi-asserted-by":"crossref","unstructured":"Simon Blake-Wilson Nelson Bolyard Vipul Gupta Chris Hawk and Bodo Moeller. 2006. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC 4492. IETF. https:\/\/doi.org\/10.17487\/RFC4492","DOI":"10.17487\/rfc4492"},{"issue":"6","key":"e_1_3_2_2_28_1","first-page":"5","article-title":"a","volume":"1","author":"Forum Browser","year":"2019","unstructured":"CA\/ Browser Forum . 2019 a . Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. Version 1 . 6 . 5 . https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-BR-1.6.5.pdf CA\/Browser Forum. 2019 a. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. Version 1.6.5. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-BR-1.6.5.pdf","journal-title":"Version"},{"key":"e_1_3_2_2_29_1","unstructured":"CA\/Browser Forum. 2019 b. Guidelines For The Issuance And Management Of Extended Validation Certificates. Version 1.6.9. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-EV-Guidelines-v1.6.9.pdf  CA\/Browser Forum. 2019 b. Guidelines For The Issuance And Management Of Extended Validation Certificates. Version 1.6.9. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-EV-Guidelines-v1.6.9.pdf"},{"key":"e_1_3_2_2_30_1","volume-title":"Tracking and Targeting of Consumers","author":"Chester Jeff","unstructured":"Jeff Chester . 2018. AT&T, Comcast and Verizon Expand \u201cBig Data \u201d Tracking and Targeting of Consumers . Center for Digital Democracy Blog . https:\/\/www.democraticmedia.org\/blog\/att-comcast-verizon-expand-big-data-tracking-targeting-consumers Jeff Chester. 2018. AT&T, Comcast and Verizon Expand \u201cBig Data\u201d Tracking and Targeting of Consumers. Center for Digital Democracy Blog. https:\/\/www.democraticmedia.org\/blog\/att-comcast-verizon-expand-big-data-tracking-targeting-consumers"},{"key":"e_1_3_2_2_31_1","unstructured":"Comodo. 2015. SSL Certificate with Free Trust Logo. Internet Archive version. https:\/\/web.archive.org\/web\/20150421032800\/https:\/\/ssl.comodo.com\/  Comodo. 2015. SSL Certificate with Free Trust Logo. Internet Archive version. https:\/\/web.archive.org\/web\/20150421032800\/https:\/\/ssl.comodo.com\/"},{"key":"e_1_3_2_2_32_1","unstructured":"DigiCert. 2015. SSL Certificate Comparison. Internet Archive version. https:\/\/web.archive.org\/web\/20150905120255\/https:\/\/www.digicert.com\/ssl-certificate-comparison.htm  DigiCert. 2015. SSL Certificate Comparison. Internet Archive version. https:\/\/web.archive.org\/web\/20150905120255\/https:\/\/www.digicert.com\/ssl-certificate-comparison.htm"},{"key":"e_1_3_2_2_33_1","volume-title":"Standard SSL Certificates. https:\/\/www.digicert.com\/standard-ssl-certificates\/ Retrieved","year":"2019","unstructured":"DigiCert. 2019. Standard SSL Certificates. https:\/\/www.digicert.com\/standard-ssl-certificates\/ Retrieved September 25, 2019 from DigiCert. 2019. Standard SSL Certificates. https:\/\/www.digicert.com\/standard-ssl-certificates\/ Retrieved September 25, 2019 from"},{"key":"e_1_3_2_2_34_1","volume-title":"15th Symposium on Usable Privacy and Security (SOUPS '19)","author":"Drury Vincent","year":"2019","unstructured":"Vincent Drury and Ulrike Meyer . 2019 . Certified Phishing: Taking a Look at Public Key Certificates of Phishing Websites . In 15th Symposium on Usable Privacy and Security (SOUPS '19) . USENIX Association, Berkeley, CA, USA, 211--223. https:\/\/www.usenix.org\/system\/files\/soups 2019-drury.pdf Vincent Drury and Ulrike Meyer. 2019. Certified Phishing: Taking a Look at Public Key Certificates of Phishing Websites. In 15th Symposium on Usable Privacy and Security (SOUPS '19). USENIX Association, Berkeley, CA, USA, 211--223. https:\/\/www.usenix.org\/system\/files\/soups2019-drury.pdf"},{"key":"e_1_3_2_2_35_1","volume-title":"22nd ACM Conference on Computer and Communications Security (CCS '15)","author":"Durumeric Zakir","unstructured":"Zakir Durumeric , David Adrian , Ariana Mirian , Michael Bailey , and J. Alex Halderman . 2015. Censys: A Search Engine Backed by Internet-Wide Scanning . In 22nd ACM Conference on Computer and Communications Security (CCS '15) . ACM, New York, NY, USA, 542--553. https:\/\/doi.org\/10.1145\/2810103.2813703 10.1145\/2810103.2813703 Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. 2015. Censys: A Search Engine Backed by Internet-Wide Scanning. In 22nd ACM Conference on Computer and Communications Security (CCS '15). ACM, New York, NY, USA, 542--553. https:\/\/doi.org\/10.1145\/2810103.2813703"},{"key":"e_1_3_2_2_36_1","volume-title":"Analysis of the HTTPS Certificate Ecosystem. In 13th ACM Internet Measurement Conference (IMC '13)","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric , James Kasten , Michael Bailey , and J Alex Halderman . 2013 . Analysis of the HTTPS Certificate Ecosystem. In 13th ACM Internet Measurement Conference (IMC '13) . ACM, New York, NY, USA, 291--304. https:\/\/doi.org\/10.1145\/2504730.2504755 10.1145\/2504730.2504755 Zakir Durumeric, James Kasten, Michael Bailey, and J Alex Halderman. 2013. Analysis of the HTTPS Certificate Ecosystem. In 13th ACM Internet Measurement Conference (IMC '13). ACM, New York, NY, USA, 291--304. https:\/\/doi.org\/10.1145\/2504730.2504755"},{"key":"e_1_3_2_2_37_1","volume-title":"The Matter of Heartbleed. In 14th ACM Internet Measurement Conference (IMC '14)","author":"Durumeric Zakir","unstructured":"Zakir Durumeric , Frank Li , James Kasten , Johanna Amann , Jethro Beekman , Mathias Payer , Nicolas Weaver , David Adrian , Vern Paxson , Michael Bailey , and J. Alex Halderman . 2014 . The Matter of Heartbleed. In 14th ACM Internet Measurement Conference (IMC '14) . ACM, New York, NY, USA, 475--488. https:\/\/doi.org\/10.1145\/2663716.2663755 10.1145\/2663716.2663755 Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman. 2014. The Matter of Heartbleed. In 14th ACM Internet Measurement Conference (IMC '14). ACM, New York, NY, USA, 475--488. https:\/\/doi.org\/10.1145\/2663716.2663755"},{"key":"#cr-split#-e_1_3_2_2_38_1.1","doi-asserted-by":"crossref","unstructured":"Donald Eastlake. 2011. Transport Layer Security (TLS) Extensions: Extension Definitions. RFC 6066. IETF. https:\/\/doi.org\/10.17487\/RFC6066 10.17487\/RFC6066","DOI":"10.17487\/rfc6066"},{"key":"#cr-split#-e_1_3_2_2_38_1.2","doi-asserted-by":"crossref","unstructured":"Donald Eastlake. 2011. Transport Layer Security (TLS) Extensions: Extension Definitions. RFC 6066. IETF. https:\/\/doi.org\/10.17487\/RFC6066","DOI":"10.17487\/rfc6066"},{"key":"e_1_3_2_2_39_1","unstructured":"Peter Eckersley. 2011. Sovereign Key Cryptography for Internet Domains. https:\/\/github.com\/EFForg\/sovereign-keys\/blob\/master\/sovereign-key-design.txt  Peter Eckersley. 2011. Sovereign Key Cryptography for Internet Domains. https:\/\/github.com\/EFForg\/sovereign-keys\/blob\/master\/sovereign-key-design.txt"},{"key":"e_1_3_2_2_40_1","unstructured":"Electronic Frontier Foundation. 2019. Certbot. https:\/\/certbot.eff.org\/  Electronic Frontier Foundation. 2019. Certbot. https:\/\/certbot.eff.org\/"},{"key":"e_1_3_2_2_41_1","unstructured":"Facebook. 2019. Certificate Transparency Monitoring. Facebook for Developers. https:\/\/developers.facebook.com\/tools\/ct\/search\/  Facebook. 2019. Certificate Transparency Monitoring. Facebook for Developers. https:\/\/developers.facebook.com\/tools\/ct\/search\/"},{"key":"#cr-split#-e_1_3_2_2_42_1.1","doi-asserted-by":"crossref","unstructured":"Stephan Friedl Andrei Popov Adam Langley and Emile Stephan. 2014. Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension. RFC 7301. IETF. https:\/\/doi.org\/10.17487\/RFC7301 10.17487\/RFC7301","DOI":"10.17487\/rfc7301"},{"key":"#cr-split#-e_1_3_2_2_42_1.2","doi-asserted-by":"crossref","unstructured":"Stephan Friedl Andrei Popov Adam Langley and Emile Stephan. 2014. Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension. RFC 7301. IETF. https:\/\/doi.org\/10.17487\/RFC7301","DOI":"10.17487\/rfc7301"},{"key":"e_1_3_2_2_43_1","unstructured":"GeoTrust. 2015. Compare SSL Certificates. Internet Archive version. https:\/\/web.archive.org\/web\/20150319134219\/https:\/\/www.geotrust.com\/ssl\/compare-ssl-certificates.html  GeoTrust. 2015. Compare SSL Certificates. Internet Archive version. https:\/\/web.archive.org\/web\/20150319134219\/https:\/\/www.geotrust.com\/ssl\/compare-ssl-certificates.html"},{"key":"e_1_3_2_2_44_1","volume-title":"https:\/\/www.geotrust.com\/ssl\/ Retrieved","author":"Certificates SSL","year":"2019","unstructured":"GeoTrust. 2019. SSL Certificates . https:\/\/www.geotrust.com\/ssl\/ Retrieved September 25, 2019 from GeoTrust. 2019. SSL Certificates. https:\/\/www.geotrust.com\/ssl\/ Retrieved September 25, 2019 from"},{"key":"e_1_3_2_2_45_1","unstructured":"GoDaddy. 2015. SSL Certificates. Internet Archive version. https:\/\/web.archive.org\/web\/20150601032030\/https:\/\/www.godaddy.com\/ssl\/ssl-certificates.aspx  GoDaddy. 2015. SSL Certificates. Internet Archive version. https:\/\/web.archive.org\/web\/20150601032030\/https:\/\/www.godaddy.com\/ssl\/ssl-certificates.aspx"},{"key":"e_1_3_2_2_46_1","volume-title":"https:\/\/www.godaddy.com\/web-security\/ssl-certificate Retrieved","author":"Certificates SSL","year":"2019","unstructured":"GoDaddy. 2019. SSL Certificates . https:\/\/www.godaddy.com\/web-security\/ssl-certificate Retrieved September 25, 2019 from GoDaddy. 2019. SSL Certificates. https:\/\/www.godaddy.com\/web-security\/ssl-certificate Retrieved September 25, 2019 from"},{"key":"e_1_3_2_2_47_1","volume-title":"Transparency Report: HTTPS Encryption by Chrome Platform. https:\/\/transparencyreport.google.com\/https\/overview Retrieved","year":"2019","unstructured":"Google. 2019 . Transparency Report: HTTPS Encryption by Chrome Platform. https:\/\/transparencyreport.google.com\/https\/overview Retrieved May 2019 from Google. 2019. Transparency Report: HTTPS Encryption by Chrome Platform. https:\/\/transparencyreport.google.com\/https\/overview Retrieved May 2019 from"},{"key":"e_1_3_2_2_48_1","unstructured":"Ilya Grigorik. 2019. Is TLS Fast Yet? https:\/\/istlsfastyet.com  Ilya Grigorik. 2019. Is TLS Fast Yet? https:\/\/istlsfastyet.com"},{"key":"#cr-split#-e_1_3_2_2_49_1.1","doi-asserted-by":"crossref","unstructured":"Phillip Hallam-Baker and Rob Stradling. 2013. DNS Certification Authority Authorization (CAA) Resource Record. RFC 6844. IETF. https:\/\/doi.org\/10.17487\/RFC6844 10.17487\/RFC6844","DOI":"10.17487\/rfc6844"},{"key":"#cr-split#-e_1_3_2_2_49_1.2","doi-asserted-by":"crossref","unstructured":"Phillip Hallam-Baker and Rob Stradling. 2013. DNS Certification Authority Authorization (CAA) Resource Record. RFC 6844. IETF. https:\/\/doi.org\/10.17487\/RFC6844","DOI":"10.17487\/rfc6844"},{"key":"e_1_3_2_2_50_1","unstructured":"Scott Helme. 2017. I'm Giving Up on HPKP. https:\/\/scotthelme.co.uk\/im-giving-up-on-hpkp\/  Scott Helme. 2017. I'm Giving Up on HPKP. https:\/\/scotthelme.co.uk\/im-giving-up-on-hpkp\/"},{"key":"e_1_3_2_2_51_1","unstructured":"Kipp E.B. Hickman. 1995. SSL 0.2 Protocol Specification. https:\/\/www-archive.mozilla.org\/projects\/security\/pki\/nss\/ssl\/draft02.html  Kipp E.B. Hickman. 1995. SSL 0.2 Protocol Specification. https:\/\/www-archive.mozilla.org\/projects\/security\/pki\/nss\/ssl\/draft02.html"},{"key":"e_1_3_2_2_52_1","unstructured":"Muks Hirani Sarah Jones and Ben Read. 2019. Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. FireEye Threat Research. https:\/\/www.fireeye.com\/blog\/threat-research\/2019\/01\/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html  Muks Hirani Sarah Jones and Ben Read. 2019. Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. FireEye Threat Research. https:\/\/www.fireeye.com\/blog\/threat-research\/2019\/01\/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html"},{"key":"e_1_3_2_2_53_1","unstructured":"Troy Hunt. 2019. Extended Validation Certificates are (Really Really) Dead. https:\/\/www.troyhunt.com\/extended-validation-certificates-are-really-really-dead\/  Troy Hunt. 2019. Extended Validation Certificates are (Really Really) Dead. https:\/\/www.troyhunt.com\/extended-validation-certificates-are-really-really-dead\/"},{"key":"e_1_3_2_2_54_1","unstructured":"ISRG. 2019. About Internet Security Research Group: Board of Directors. https:\/\/www.abetterinternet.org\/about\/  ISRG. 2019. About Internet Security Research Group: Board of Directors. https:\/\/www.abetterinternet.org\/about\/"},{"key":"e_1_3_2_2_56_1","unstructured":"Brian Krebs. 2018. Half of All Phishing Sites Now Have the Padlock. Krebs on Security. https:\/\/krebsonsecurity.com\/2018\/11\/half-of-all-phishing-sites-now-have-the-padlock\/  Brian Krebs. 2018. Half of All Phishing Sites Now Have the Padlock. Krebs on Security. https:\/\/krebsonsecurity.com\/2018\/11\/half-of-all-phishing-sites-now-have-the-padlock\/"},{"key":"e_1_3_2_2_57_1","volume-title":"On the Usability of Deploying HTTPS. In 26th USENIX Security Symposium (USENIX Security '17)","author":"Krombholz Katharina","year":"2017","unstructured":"Katharina Krombholz , Wilfried Mayer , Martin Schmiedecker , and Edgar Weippl . 2017 . \u201c I Have No Idea What I'm Doing \u201d: On the Usability of Deploying HTTPS. In 26th USENIX Security Symposium (USENIX Security '17) . USENIX Association, Berkeley, CA, USA, 1339--1356. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity17\/sec17-krombholz.pdf Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, and Edgar Weippl. 2017. \u201cI Have No Idea What I'm Doing\u201d: On the Usability of Deploying HTTPS. In 26th USENIX Security Symposium (USENIX Security '17). USENIX Association, Berkeley, CA, USA, 1339--1356. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity17\/sec17-krombholz.pdf"},{"key":"e_1_3_2_2_58_1","volume-title":"Tracking Certificate Misissuance in the Wild. In 39th IEEE Symposium on Security and Privacy (S&P '18)","author":"Kumar Deepak","year":"2018","unstructured":"Deepak Kumar , Zhengping Wang , Matthew Hyder , Joseph Dickinson , Gabrielle Beck , David Adrian , Joshua Mason , Zakir Durumeric , J. Alex Halderman , and Michael Bailey . 2018 . Tracking Certificate Misissuance in the Wild. In 39th IEEE Symposium on Security and Privacy (S&P '18) . IEEE, New York, NY, USA, 785--798. https:\/\/doi.org\/10.1109\/SP. 2018.00015 10.1109\/SP.2018.00015 Deepak Kumar, Zhengping Wang, Matthew Hyder, Joseph Dickinson, Gabrielle Beck, David Adrian, Joshua Mason, Zakir Durumeric, J. Alex Halderman, and Michael Bailey. 2018. Tracking Certificate Misissuance in the Wild. In 39th IEEE Symposium on Security and Privacy (S&P '18). IEEE, New York, NY, USA, 785--798. https:\/\/doi.org\/10.1109\/SP.2018.00015"},{"key":"e_1_3_2_2_59_1","unstructured":"Adam Langley. 2010. Overclocking SSL. ImperialViolet blog. https:\/\/www.imperialviolet.org\/2010\/06\/25\/overclocking-ssl.html  Adam Langley. 2010. Overclocking SSL. ImperialViolet blog. https:\/\/www.imperialviolet.org\/2010\/06\/25\/overclocking-ssl.html"},{"key":"e_1_3_2_2_60_1","unstructured":"Adam Langley. 2015. Why Not DANE in Browsers. ImperialViolet blog. https:\/\/www.imperialviolet.org\/2015\/01\/17\/notdane.html  Adam Langley. 2015. Why Not DANE in Browsers. ImperialViolet blog. https:\/\/www.imperialviolet.org\/2015\/01\/17\/notdane.html"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.17"},{"key":"#cr-split#-e_1_3_2_2_62_1.1","doi-asserted-by":"crossref","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. IETF. https:\/\/doi.org\/10.17487\/RFC6962 10.17487\/RFC6962","DOI":"10.17487\/rfc6962"},{"key":"#cr-split#-e_1_3_2_2_62_1.2","doi-asserted-by":"crossref","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. IETF. https:\/\/doi.org\/10.17487\/RFC6962","DOI":"10.17487\/rfc6962"},{"key":"e_1_3_2_2_63_1","unstructured":"Let's Encrypt. 2016. Certificate Compatibility. https:\/\/letsencrypt.org\/docs\/certificate-compatibility\/  Let's Encrypt. 2016. Certificate Compatibility. https:\/\/letsencrypt.org\/docs\/certificate-compatibility\/"},{"key":"e_1_3_2_2_64_1","unstructured":"Let's Encrypt. 2018. Let's Encrypt Privacy Policy. https:\/\/letsencrypt.org\/privacy\/  Let's Encrypt. 2018. Let's Encrypt Privacy Policy. https:\/\/letsencrypt.org\/privacy\/"},{"key":"e_1_3_2_2_65_1","unstructured":"Let's Encrypt. 2019 a. ACME Client Implementations. https:\/\/letsencrypt.org\/docs\/client-options\/  Let's Encrypt. 2019 a. ACME Client Implementations. https:\/\/letsencrypt.org\/docs\/client-options\/"},{"key":"e_1_3_2_2_66_1","unstructured":"Let's Encrypt. 2019 b. Policy and Legal Repository. https:\/\/letsencrypt.org\/repository\/  Let's Encrypt. 2019 b. Policy and Legal Repository. https:\/\/letsencrypt.org\/repository\/"},{"key":"e_1_3_2_2_67_1","volume-title":"Caddy: The HTTP\/2 Server With Automatic HTTPS. https:\/\/caddyserver.com\/","author":"Labs Light Code","year":"2019","unstructured":"Light Code Labs . 2019 . Caddy: The HTTP\/2 Server With Automatic HTTPS. https:\/\/caddyserver.com\/ Light Code Labs. 2019. Caddy: The HTTP\/2 Server With Automatic HTTPS. https:\/\/caddyserver.com\/"},{"key":"e_1_3_2_2_68_1","volume-title":"5th USENIX Workshop on Free and Open Communications on the Internet (FOCI '15)","author":"Marczak Bill","year":"2015","unstructured":"Bill Marczak , Nicholas Weaver , Jakub Dalek , Roya Ensafi , David Fifield , Sarah McKune , Arn Rey , John Scott-Railton , Ron Deibert , and Vern Paxson . 2015 . An Analysis of China's \u201cGreat Cannon \u201d. In 5th USENIX Workshop on Free and Open Communications on the Internet (FOCI '15) . USENIX Association, Berkeley, CA, USA, 11 pages. https:\/\/www.usenix.org\/system\/files\/conference\/foci15\/foci15-paper-marczak.pdf Bill Marczak, Nicholas Weaver, Jakub Dalek, Roya Ensafi, David Fifield, Sarah McKune, Arn Rey, John Scott-Railton, Ron Deibert, and Vern Paxson. 2015. An Analysis of China's \u201cGreat Cannon\u201d. In 5th USENIX Workshop on Free and Open Communications on the Internet (FOCI '15). USENIX Association, Berkeley, CA, USA, 11 pages. https:\/\/www.usenix.org\/system\/files\/conference\/foci15\/foci15-paper-marczak.pdf"},{"key":"e_1_3_2_2_69_1","unstructured":"Bodo M\u00f6ller Thai Duong and Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting the SSL 3.0 Fallback. https:\/\/www.openssl.org\/ bodo\/ssl-poodle.pdf  Bodo M\u00f6ller Thai Duong and Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting the SSL 3.0 Fallback. https:\/\/www.openssl.org\/ bodo\/ssl-poodle.pdf"},{"key":"e_1_3_2_2_70_1","unstructured":"Monkeysphere. 2010. The Monkeysphere Project. https:\/\/web.monkeysphere.info\/  Monkeysphere. 2010. The Monkeysphere Project. https:\/\/web.monkeysphere.info\/"},{"key":"e_1_3_2_2_71_1","unstructured":"Parker Moore. 2018. Custom Domains on GitHub Pages Gain Support for HTTPS. The GitHub Blog. https:\/\/github.blog\/2018-05-01-github-pages-custom-domains-https\/  Parker Moore. 2018. Custom Domains on GitHub Pages Gain Support for HTTPS. The GitHub Blog. https:\/\/github.blog\/2018-05-01-github-pages-custom-domains-https\/"},{"issue":"7","key":"e_1_3_2_2_72_1","first-page":"2986","article-title":"PKCS #10","volume":"1","author":"Nystrom Magnus","year":"2000","unstructured":"Magnus Nystrom and Burt Kaliski . 2000 . PKCS #10 : Certification Request Syntax Specification Version 1 . 7 . RFC 2986 . IETF. https:\/\/doi.org\/10.17487\/RFC2986 10.17487\/RFC2986 Magnus Nystrom and Burt Kaliski. 2000. PKCS #10: Certification Request Syntax Specification Version 1.7. RFC 2986. IETF. https:\/\/doi.org\/10.17487\/RFC2986","journal-title":"Certification Request Syntax Specification Version"},{"key":"e_1_3_2_2_73_1","unstructured":"Devon O'Brien. 2019. Upcoming Change to Chrome's Identity Indicators. Chromium security-dev mailing list. https:\/\/groups.google.com\/a\/chromium.org\/forum\/m\/#!msg\/security-dev\/h1bTcoTpfeI\/jUTk1z7VAAAJ  Devon O'Brien. 2019. Upcoming Change to Chrome's Identity Indicators. Chromium security-dev mailing list. https:\/\/groups.google.com\/a\/chromium.org\/forum\/m\/#!msg\/security-dev\/h1bTcoTpfeI\/jUTk1z7VAAAJ"},{"key":"e_1_3_2_2_74_1","unstructured":"OVH. 2019 a. Certificats SSL pour tous avec Let's Encrypt! https:\/\/www.ovh.com\/fr\/hebergement-web\/ssl_mutualise.xml  OVH. 2019 a. Certificats SSL pour tous avec Let's Encrypt! https:\/\/www.ovh.com\/fr\/hebergement-web\/ssl_mutualise.xml"},{"key":"e_1_3_2_2_75_1","unstructured":"OVH. 2019 b. SSL Gateway: HTTPS for All. https:\/\/www.ovh.com\/world\/ssl-gateway\/  OVH. 2019 b. SSL Gateway: HTTPS for All. https:\/\/www.ovh.com\/world\/ssl-gateway\/"},{"key":"e_1_3_2_2_76_1","unstructured":"Plesk. 2019. Let's Encrypt Extension. https:\/\/www.plesk.com\/extensions\/letsencrypt\/  Plesk. 2019. Let's Encrypt Extension. https:\/\/www.plesk.com\/extensions\/letsencrypt\/"},{"key":"#cr-split#-e_1_3_2_2_77_1.1","doi-asserted-by":"crossref","unstructured":"Max Pritikin Peter Yee and Dan Harkins. 2013. Enrollment over Secure Transport. RFC 7030. IETF. https:\/\/doi.org\/10.17487\/RFC7030 10.17487\/RFC7030","DOI":"10.17487\/rfc7030"},{"key":"#cr-split#-e_1_3_2_2_77_1.2","doi-asserted-by":"crossref","unstructured":"Max Pritikin Peter Yee and Dan Harkins. 2013. Enrollment over Secure Transport. RFC 7030. IETF. https:\/\/doi.org\/10.17487\/RFC7030","DOI":"10.17487\/rfc7030"},{"key":"#cr-split#-e_1_3_2_2_78_1.1","doi-asserted-by":"crossref","unstructured":"Eric Rescorla. 2000. HTTP over TLS. RFC 2818. https:\/\/doi.org\/10.17487\/RFC2818 10.17487\/RFC2818","DOI":"10.17487\/rfc2818"},{"key":"#cr-split#-e_1_3_2_2_78_1.2","doi-asserted-by":"crossref","unstructured":"Eric Rescorla. 2000. HTTP over TLS. RFC 2818. https:\/\/doi.org\/10.17487\/RFC2818","DOI":"10.17487\/rfc2818"},{"key":"#cr-split#-e_1_3_2_2_79_1.1","doi-asserted-by":"crossref","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. IETF. https:\/\/doi.org\/10.17487\/RFC8446 10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"#cr-split#-e_1_3_2_2_79_1.2","doi-asserted-by":"crossref","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. IETF. https:\/\/doi.org\/10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"e_1_3_2_2_80_1","unstructured":"Paul Roberts. 2011. Phony SSL Certificates Issued for Google Yahoo Skype Others. Threatpost. https:\/\/threatpost.com\/phony-ssl-certificates-issued-google-yahoo-skype-others-032311\/75061\/  Paul Roberts. 2011. Phony SSL Certificates Issued for Google Yahoo Skype Others. Threatpost. https:\/\/threatpost.com\/phony-ssl-certificates-issued-google-yahoo-skype-others-032311\/75061\/"},{"key":"e_1_3_2_2_81_1","unstructured":"Franz Ros\u00e9n. 2018. How I Exploited ACME TLS-SNI-01 Issuing Let's Encrypt SSL-Certs for Any Domain Using Shared Hosting. Detectify Labs. https:\/\/labs.detectify.com\/2018\/01\/12\/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting\/  Franz Ros\u00e9n. 2018. How I Exploited ACME TLS-SNI-01 Issuing Let's Encrypt SSL-Certs for Any Domain Using Shared Hosting. Detectify Labs. https:\/\/labs.detectify.com\/2018\/01\/12\/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting\/"},{"key":"#cr-split#-e_1_3_2_2_82_1.1","doi-asserted-by":"crossref","unstructured":"Jim Schaad and Michael Myers. 2008. Certificate Management over CMS (CMC). RFC 5272. IETF. https:\/\/doi.org\/10.17487\/RFC5272 10.17487\/RFC5272","DOI":"10.17487\/rfc5272"},{"key":"#cr-split#-e_1_3_2_2_82_1.2","doi-asserted-by":"crossref","unstructured":"Jim Schaad and Michael Myers. 2008. Certificate Management over CMS (CMC). RFC 5272. IETF. https:\/\/doi.org\/10.17487\/RFC5272","DOI":"10.17487\/rfc5272"},{"key":"e_1_3_2_2_83_1","unstructured":"Emily Schechter. 2018. Evolving Chrome's Security Indicators. Chromium Blog. https:\/\/blog.chromium.org\/2018\/05\/evolving-chromes-security-indicators.html  Emily Schechter. 2018. Evolving Chrome's Security Indicators. Chromium Blog. https:\/\/blog.chromium.org\/2018\/05\/evolving-chromes-security-indicators.html"},{"key":"e_1_3_2_2_84_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00046"},{"key":"e_1_3_2_2_85_1","volume-title":"Sectigo Domain Validation Certificates. https:\/\/sectigo.com\/ssl-certificates-tls\/dv-domain-validation Retrieved","year":"2019","unstructured":"Sectigo. 2019. Sectigo Domain Validation Certificates. https:\/\/sectigo.com\/ssl-certificates-tls\/dv-domain-validation Retrieved September 25, 2019 from Sectigo. 2019. Sectigo Domain Validation Certificates. https:\/\/sectigo.com\/ssl-certificates-tls\/dv-domain-validation Retrieved September 25, 2019 from"},{"key":"#cr-split#-e_1_3_2_2_86_1.1","doi-asserted-by":"crossref","unstructured":"Nicolas Serrano Hilda Hadan and L. Jean Camp. 2019. A Complete Study of P.K.I. (PKI's Known Incidents). Available at SSRN. https:\/\/doi.org\/10.2139\/ssrn.3425554 10.2139\/ssrn.3425554","DOI":"10.2139\/ssrn.3425554"},{"key":"#cr-split#-e_1_3_2_2_86_1.2","doi-asserted-by":"crossref","unstructured":"Nicolas Serrano Hilda Hadan and L. Jean Camp. 2019. A Complete Study of P.K.I. (PKI's Known Incidents). Available at SSRN. https:\/\/doi.org\/10.2139\/ssrn.3425554","DOI":"10.2139\/ssrn.3425554"},{"key":"e_1_3_2_2_87_1","unstructured":"Roland Shoemaker. 2018. ACME TLS ALPN Challenge Extension. Internet-Draft draft-ietf-acme-tls-alpn-05. IETF. https:\/\/www.ietf.org\/internet-drafts\/draft-ietf-acme-tls-alpn-05.txt  Roland Shoemaker. 2018. ACME TLS ALPN Challenge Extension. Internet-Draft draft-ietf-acme-tls-alpn-05. IETF. https:\/\/www.ietf.org\/internet-drafts\/draft-ietf-acme-tls-alpn-05.txt"},{"key":"e_1_3_2_2_88_1","volume-title":"Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL. In 15th International Conference on Financial Cryptography and Data Security","author":"Soghoian Christopher","year":"2011","unstructured":"Christopher Soghoian and Sid Stamm . 2011 . Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL. In 15th International Conference on Financial Cryptography and Data Security . Springer, New York, NY, USA, 250--259. https:\/\/doi.org\/10.1007\/978--3--642--27576-0_20 10.1007\/978--3--642--27576-0_20 Christopher Soghoian and Sid Stamm. 2011. Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL. In 15th International Conference on Financial Cryptography and Data Security. Springer, New York, NY, USA, 250--259. https:\/\/doi.org\/10.1007\/978--3--642--27576-0_20"},{"key":"e_1_3_2_2_89_1","unstructured":"Stephan Somogyi and Allison Miller. 2017. Safe Browsing: Protecting More Than 3 Billion Devices Worldwide Automatically. Google Blog. https:\/\/www.blog.google\/technology\/safety-security\/safe-browsing-protecting-more-3-billion-devices-worldwide-automatically\/  Stephan Somogyi and Allison Miller. 2017. Safe Browsing: Protecting More Than 3 Billion Devices Worldwide Automatically. Google Blog. https:\/\/www.blog.google\/technology\/safety-security\/safe-browsing-protecting-more-3-billion-devices-worldwide-automatically\/"},{"key":"e_1_3_2_2_90_1","unstructured":"Squarespace. 2019. Squarespace and SSL. Squarespace Help. https:\/\/support.squarespace.com\/hc\/en-us\/articles\/205815898  Squarespace. 2019. Squarespace and SSL. Squarespace Help. https:\/\/support.squarespace.com\/hc\/en-us\/articles\/205815898"},{"key":"e_1_3_2_2_91_1","unstructured":"SSL Shopper. 2019. SSL Certificate Comparison and Reviews. https:\/\/www.sslshopper.com  SSL Shopper. 2019. SSL Certificate Comparison and Reviews. https:\/\/www.sslshopper.com"},{"key":"e_1_3_2_2_92_1","unstructured":"Symantec. 2015. Buy and Compare SSL Certificates. Internet Archive version. https:\/\/web.archive.org\/web\/20150610013911\/http:\/\/www.symantec.com\/page.jsp?id=compare-ssl-certificates  Symantec. 2015. Buy and Compare SSL Certificates. Internet Archive version. https:\/\/web.archive.org\/web\/20150610013911\/http:\/\/www.symantec.com\/page.jsp?id=compare-ssl-certificates"},{"key":"e_1_3_2_2_93_1","volume-title":"https:\/\/www.websecurity.symantec.com\/ssl-certificate Retrieved","author":"Certificates SSL","year":"2019","unstructured":"Symantec. 2019. TLS\/ SSL Certificates . https:\/\/www.websecurity.symantec.com\/ssl-certificate Retrieved September 25, 2019 from Symantec. 2019. TLS\/SSL Certificates. https:\/\/www.websecurity.symantec.com\/ssl-certificate Retrieved September 25, 2019 from"},{"key":"e_1_3_2_2_94_1","unstructured":"Wayne Thayer and Johann Hofmann. 2019. Intent to Ship: Move Extended Validation Information Out of the URL Bar. firefox-dev mailing list. https:\/\/groups.google.com\/forum\/m\/?fromgroups&hl=en#!topic\/firefox-dev\/6wAg_PpnlY4  Wayne Thayer and Johann Hofmann. 2019. Intent to Ship: Move Extended Validation Information Out of the URL Bar. firefox-dev mailing list. https:\/\/groups.google.com\/forum\/m\/?fromgroups&hl=en#!topic\/firefox-dev\/6wAg_PpnlY4"},{"key":"e_1_3_2_2_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.17"},{"key":"e_1_3_2_2_96_1","volume-title":"The Webtextquoterights Identity Crisis: Understanding the Effectiveness of Website Identity Indicators. In 28th USENIX Security Symposium (USENIX Security '19)","author":"Thompson Christopher","year":"2019","unstructured":"Christopher Thompson , Martin Shelton , Emily Stark , Maximilian Walker , Emily Schechter , and Adrienne Porter Felt . 2019 . The Webtextquoterights Identity Crisis: Understanding the Effectiveness of Website Identity Indicators. In 28th USENIX Security Symposium (USENIX Security '19) . USENIX Association, Berkeley, CA, USA, 1715--1732. https:\/\/www.usenix.org\/system\/files\/sec19-thompson.pdf Christopher Thompson, Martin Shelton, Emily Stark, Maximilian Walker, Emily Schechter, and Adrienne Porter Felt. 2019. The Webtextquoterights Identity Crisis: Understanding the Effectiveness of Website Identity Indicators. In 28th USENIX Security Symposium (USENIX Security '19). USENIX Association, Berkeley, CA, USA, 1715--1732. https:\/\/www.usenix.org\/system\/files\/sec19-thompson.pdf"},{"key":"e_1_3_2_2_97_1","volume-title":"Towards Short-Lived Certificates. In 2012 Web 2.0 Security and Privacy Workshop (W2SP '12)","author":"Topalovic Emin","year":"2012","unstructured":"Emin Topalovic , Brennan Saeta , Lin-Shung Huang , Collin Jackson , and Dan Boneh . 2012. Towards Short-Lived Certificates. In 2012 Web 2.0 Security and Privacy Workshop (W2SP '12) . IEEE , New York, NY, USA , 9 pages. https:\/\/www.ieee-security.org\/TC\/W2SP\/ 2012 \/papers\/w2sp12-final9.pdf Emin Topalovic, Brennan Saeta, Lin-Shung Huang, Collin Jackson, and Dan Boneh. 2012. Towards Short-Lived Certificates. In 2012 Web 2.0 Security and Privacy Workshop (W2SP '12). IEEE, New York, NY, USA, 9 pages. https:\/\/www.ieee-security.org\/TC\/W2SP\/2012\/papers\/w2sp12-final9.pdf"},{"key":"e_1_3_2_2_98_1","unstructured":"U.S. Department of the Treasury. 2019. Specially Designated Nationals and Blocked Persons List (SDN) Human Readable Lists. https:\/\/www.treasury.gov\/resource-center\/sanctions\/SDN-List\/Pages\/default.aspx  U.S. Department of the Treasury. 2019. Specially Designated Nationals and Blocked Persons List (SDN) Human Readable Lists. https:\/\/www.treasury.gov\/resource-center\/sanctions\/SDN-List\/Pages\/default.aspx"},{"key":"e_1_3_2_2_99_1","unstructured":"U.S. National Security Agency. 2008. XKEYSCORE. Classified presentation leaked by Edward Snowden. https:\/\/www.theguardian.com\/world\/interactive\/2013\/jul\/31\/nsa-xkeyscore-program-full-presentation  U.S. National Security Agency. 2008. XKEYSCORE. Classified presentation leaked by Edward Snowden. https:\/\/www.theguardian.com\/world\/interactive\/2013\/jul\/31\/nsa-xkeyscore-program-full-presentation"},{"key":"e_1_3_2_2_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/2674005.2675015"},{"key":"e_1_3_2_2_101_1","unstructured":"Benny Vasquez. 2016. Announcing: cPanel & WHM's Official Let's Encrypt with AutoSSL Plugin. cPanel Blog. https:\/\/blog.cpanel.com\/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin\/  Benny Vasquez. 2016. Announcing: cPanel & WHM's Official Let's Encrypt with AutoSSL Plugin. cPanel Blog. https:\/\/blog.cpanel.com\/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin\/"},{"key":"e_1_3_2_2_102_1","unstructured":"Webmin. 2018. Let's Encrypt. Webmin Documentation. https:\/\/doxfer.webmin.com\/Webmin\/Let%27s_Encrypt  Webmin. 2018. Let's Encrypt. Webmin Documentation. https:\/\/doxfer.webmin.com\/Webmin\/Let%27s_Encrypt"},{"key":"e_1_3_2_2_103_1","unstructured":"WebTrust\/PKI Assurance Task Force. 2019. WebTrust for Certification Authorities. https:\/\/www.cpacanada.ca\/-\/media\/site\/operational\/ms-member-services\/docs\/webtrust\/webtrust-for-ca-22.pdf  WebTrust\/PKI Assurance Task Force. 2019. WebTrust for Certification Authorities. https:\/\/www.cpacanada.ca\/-\/media\/site\/operational\/ms-member-services\/docs\/webtrust\/webtrust-for-ca-22.pdf"},{"key":"e_1_3_2_2_104_1","volume-title":"Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. In 2008 USENIX Annual Technical Conference (ATC '08)","author":"Wendlandt Dan","year":"2008","unstructured":"Dan Wendlandt , David G. Andersen , and Adrian Perrig . 2008 . Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. In 2008 USENIX Annual Technical Conference (ATC '08) . USENIX Association, Berkeley, CA, USA, 321--334. https:\/\/www.usenix.org\/legacy\/events\/usenix08\/tech\/full_papers\/wendlandt\/wendlandt.pdf Dan Wendlandt, David G. Andersen, and Adrian Perrig. 2008. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. In 2008 USENIX Annual Technical Conference (ATC '08). USENIX Association, Berkeley, CA, USA, 321--334. https:\/\/www.usenix.org\/legacy\/events\/usenix08\/tech\/full_papers\/wendlandt\/wendlandt.pdf"},{"key":"e_1_3_2_2_105_1","unstructured":"Wix. 2019. Enabling HTTPS for Your Wix Site. Wix Support. https:\/\/support.wix.com\/en\/article\/enabling-https-for-your-wix-site  Wix. 2019. Enabling HTTPS for Your Wix Site. Wix Support. https:\/\/support.wix.com\/en\/article\/enabling-https-for-your-wix-site"},{"key":"e_1_3_2_2_106_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19260-9_14"},{"key":"e_1_3_2_2_107_1","first-page":"s2019","volume-title":"2019 Workshop on the Economics of Information Security (WEIS '19)","author":"Zeng Eric","year":"2019","unstructured":"Eric Zeng , Frank Li , Emily Stark , Adrienne Porter Felt , and Parisa Tabriz . 2019 . Fixing HTTPS Misconfigurations at Scale: An Experiment with Security Notifications . In 2019 Workshop on the Economics of Information Security (WEIS '19) . 19 pages. https:\/\/wei s2019 .econinfosec.org\/wp-content\/uploads\/sites\/6\/2019\/05\/WEIS_2019_paper_16.pdf Eric Zeng, Frank Li, Emily Stark, Adrienne Porter Felt, and Parisa Tabriz. 2019. Fixing HTTPS Misconfigurations at Scale: An Experiment with Security Notifications. In 2019 Workshop on the Economics of Information Security (WEIS '19). 19 pages. https:\/\/weis2019.econinfosec.org\/wp-content\/uploads\/sites\/6\/2019\/05\/WEIS_2019_paper_16.pdf"},{"key":"e_1_3_2_2_108_1","volume-title":"Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed. In 14th ACM Internet Measurement Conference (IMC '14)","author":"Zhang Liang","year":"2014","unstructured":"Liang Zhang , David Choffnes , Dave Levin , Tudor Dumitracs , Alan Mislove , Aaron Schulman , and Christo Wilson . 2014 . Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed. In 14th ACM Internet Measurement Conference (IMC '14) . ACM, New York, NY, USA, 489--502. https:\/\/doi.org\/10.1145\/2663716.2663758 10.1145\/2663716.2663758 Liang Zhang, David Choffnes, Dave Levin, Tudor Dumitracs, Alan Mislove, Aaron Schulman, and Christo Wilson. 2014. Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed. In 14th ACM Internet Measurement Conference (IMC '14). ACM, New York, NY, USA, 489--502. https:\/\/doi.org\/10.1145\/2663716.2663758"}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom","acronym":"CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363192","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363192","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363192","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:32Z","timestamp":1750203872000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363192"}},"subtitle":["An Automated Certificate Authority to Encrypt the Entire Web"],"short-title":[],"issued":{"date-parts":[[2019,11,6]]},"references-count":121,"alternative-id":["10.1145\/3319535.3363192","10.1145\/3319535"],"URL":"https:\/\/doi.org\/10.1145\/3319535.3363192","relation":{},"subject":[],"published":{"date-parts":[[2019,11,6]]},"assertion":[{"value":"2019-11-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}