{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:15:28Z","timestamp":1763507728624,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":75,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,11]],"date-time":"2019-11-11T00:00:00Z","timestamp":1573430400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,11]]},"DOI":"10.1145\/3338466.3358917","type":"proceedings-article","created":{"date-parts":[[2019,11,11]],"date-time":"2019-11-11T18:15:00Z","timestamp":1573496100000},"page":"1-15","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness"],"prefix":"10.1145","author":[{"given":"Michael P.","family":"Heinl","sequence":"first","affiliation":[{"name":"University of Ulm &amp; Fraunhofer AISEC, Ulm &amp; Garching near Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander","family":"Giehl","sequence":"additional","affiliation":[{"name":"Fraunhofer AISEC, Garching near Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Norbert","family":"Wiedermann","sequence":"additional","affiliation":[{"name":"Fraunhofer AISEC, Garching near Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sven","family":"Plaga","sequence":"additional","affiliation":[{"name":"Fraunhofer AISEC, Garching near Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Frank","family":"Kargl","sequence":"additional","affiliation":[{"name":"University of Ulm, Ulm, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2019,11,11]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Heather Adkins. 2011. An update on attempted man-in-the-middle attacks. https:\/\/security.googleblog.com\/2011\/08\/update-on-attempted-man-in-middle.html  Heather Adkins. 2011. An update on attempted man-in-the-middle attacks. https:\/\/security.googleblog.com\/2011\/08\/update-on-attempted-man-in-middle.html"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.2307\/1879431"},{"key":"e_1_3_2_1_3_1","volume-title":"Death Sentences and Executions","author":"International Amnesty","year":"2013","unstructured":"Amnesty International . 2014. Death Sentences and Executions 2013 . https:\/\/www.amnestyusa.org\/wp-content\/uploads\/2017\/04\/act500012014en.pdf Amnesty International. 2014. Death Sentences and Executions 2013. https:\/\/www.amnestyusa.org\/wp-content\/uploads\/2017\/04\/act500012014en.pdf"},{"key":"e_1_3_2_1_5_1","unstructured":"Apple Inc. 2016. Apple Root Certificate Program. http:\/\/www.apple.com\/certificateauthority\/ca_program.html  Apple Inc. 2016. Apple Root Certificate Program. http:\/\/www.apple.com\/certificateauthority\/ca_program.html"},{"key":"e_1_3_2_1_6_1","first-page":"10","article-title":"Security Collapse in the HTTPS","volume":"57","author":"Arnbak Axel","year":"2014","unstructured":"Axel Arnbak , Hadi Asghari , Michel Van Eeten , and Nico Van Eijk . 2014 . Security Collapse in the HTTPS Market. Commun. ACM , Vol. 57 , 10 (Sept. 2014), 47--55. https:\/\/doi.org\/10.1145\/2660574 10.1145\/2660574 Axel Arnbak, Hadi Asghari, Michel Van Eeten, and Nico Van Eijk. 2014. Security Collapse in the HTTPS Market. Commun. ACM, Vol. 57, 10 (Sept. 2014), 47--55. https:\/\/doi.org\/10.1145\/2660574","journal-title":"Market. Commun. ACM"},{"key":"e_1_3_2_1_7_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Aviram Nimrod","year":"2016","unstructured":"Nimrod Aviram , Sebastian Schinzel , Juraj Somorovsky , Nadia Heninger , Maik Dankel , Jens Steube , Luke Valenta , David Adrian , J. Alex Halderman , Viktor Dukhovni , Emilia K\"asper, Shaanan Cohney , Susanne Engels , Christof Paar , and Yuval Shavitt . 2016 . DROWN: Breaking TLS Using SSLv2 . In 25th USENIX Security Symposium (USENIX Security 16) . USENIX Association, Austin, TX, 689--706. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/aviram Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia K\"asper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt. 2016. DROWN: Breaking TLS Using SSLv2. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 689--706. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/aviram"},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the 11th European Conference on Information Systems, ECIS","author":"Backhouse James","year":"2003","unstructured":"James Backhouse , Carol Hsu , John Baptista , and Jimmy C. Tseng . 2003. The Key to Trust? Signalling Quality in the PKI Market . In Proceedings of the 11th European Conference on Information Systems, ECIS ( 2003 ). James Backhouse, Carol Hsu, John Baptista, and Jimmy C. Tseng. 2003. The Key to Trust? Signalling Quality in the PKI Market. In Proceedings of the 11th European Conference on Information Systems, ECIS (2003)."},{"volume-title":"Recommendation for Key Management Part 1: General. Draft NIST Special Publication 800--57 Part 1 Revision 4","author":"Barker Elaine","key":"e_1_3_2_1_9_1","unstructured":"Elaine Barker . 2016. Recommendation for Key Management Part 1: General. Draft NIST Special Publication 800--57 Part 1 Revision 4 . National Institute of Standards and Technology (NIST) . Elaine Barker. 2016. Recommendation for Key Management Part 1: General. Draft NIST Special Publication 800--57 Part 1 Revision 4. National Institute of Standards and Technology (NIST)."},{"key":"e_1_3_2_1_10_1","volume-title":"Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. NIST Special Publication 800--131A Revision 1","author":"Barker Elaine","year":"2015","unstructured":"Elaine Barker and Allen Roginsky . 2015 . Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. NIST Special Publication 800--131A Revision 1 . National Institute of Standards and Technology (NIST) . Elaine Barker and Allen Roginsky. 2015. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. NIST Special Publication 800--131A Revision 1. National Institute of Standards and Technology (NIST)."},{"key":"e_1_3_2_1_11_1","first-page":"6","article-title":"The SCION Internet","volume":"60","author":"Barrera David","year":"2017","unstructured":"David Barrera , Laurent Chuat , Adrian Perrig , Raphael M. Reischuk , and Pawel Szalachowski . 2017 . The SCION Internet Architecture. Commun. ACM , Vol. 60 , 6 (May 2017), 56--65. https:\/\/doi.org\/10.1145\/3085591 10.1145\/3085591 David Barrera, Laurent Chuat, Adrian Perrig, Raphael M. Reischuk, and Pawel Szalachowski. 2017. The SCION Internet Architecture. Commun. ACM, Vol. 60, 6 (May 2017), 56--65. https:\/\/doi.org\/10.1145\/3085591","journal-title":"Architecture. Commun. ACM"},{"key":"e_1_3_2_1_12_1","volume-title":"ASICS: Authenticated Key Exchange Security Incorporating Certification Systems. In Computer Security -- ESORICS","author":"Boyd Colin","year":"2013","unstructured":"Colin Boyd , Cas Cremers , Mich\u00e8le Feltz , Kenneth G. Paterson , Bertram Poettering , and Douglas Stebila . 2013 . ASICS: Authenticated Key Exchange Security Incorporating Certification Systems. In Computer Security -- ESORICS 2013, Jason Crampton, Sushil Jajodia , and Keith Mayes (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg, 381--399. Colin Boyd, Cas Cremers, Mich\u00e8le Feltz, Kenneth G. Paterson, Bertram Poettering, and Douglas Stebila. 2013. ASICS: Authenticated Key Exchange Security Incorporating Certification Systems. In Computer Security -- ESORICS 2013, Jason Crampton, Sushil Jajodia, and Keith Mayes (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 381--399."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243790"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SocialCom.2013.90"},{"key":"e_1_3_2_1_15_1","unstructured":"Bundesverfassungsgericht. 2006. Authorisation to shoot down aircraft in the Aviation Security Act void. https:\/\/www.bundesverfassungsgericht.de\/SharedDocs\/Entscheidungen\/EN\/2006\/02\/rs20060215_1bvr035705en.html.  Bundesverfassungsgericht. 2006. Authorisation to shoot down aircraft in the Aviation Security Act void. https:\/\/www.bundesverfassungsgericht.de\/SharedDocs\/Entscheidungen\/EN\/2006\/02\/rs20060215_1bvr035705en.html."},{"key":"e_1_3_2_1_16_1","unstructured":"CA\/Browser Forum. 2018a. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-BR-1.6.0.pdf  CA\/Browser Forum. 2018a. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-BR-1.6.0.pdf"},{"key":"e_1_3_2_1_17_1","unstructured":"CA\/Browser Forum. 2018b. Guidelines For The Issuance And Management Of Extended Validation Certificates Version 1.6.8. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-EV-Guidelines-v1.6.8.pdf  CA\/Browser Forum. 2018b. Guidelines For The Issuance And Management Of Extended Validation Certificates Version 1.6.8. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-EV-Guidelines-v1.6.8.pdf"},{"key":"e_1_3_2_1_18_1","unstructured":"CA\/Browser Forum. 2018c. Network and Certificate System Security Requirements Version 1.1. https:\/\/cabforum.org\/wp-content\/uploads\/CABForum_Network_Security_Controls_v.1.1-corrected.pdf  CA\/Browser Forum. 2018c. Network and Certificate System Security Requirements Version 1.1. https:\/\/cabforum.org\/wp-content\/uploads\/CABForum_Network_Security_Controls_v.1.1-corrected.pdf"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.84"},{"key":"e_1_3_2_1_20_1","volume-title":"Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA). RFC 3492. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc3492","author":"Costello A.","year":"2003","unstructured":"A. Costello . 2003 . Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA). RFC 3492. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc3492 A. Costello. 2003. Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA). RFC 3492. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc3492"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"A. Deacon and R. Hurst. 2007. The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments. RFC 5019. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc5019  A. Deacon and R. Hurst. 2007. The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments. RFC 5019. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc5019","DOI":"10.17487\/rfc5019"},{"key":"e_1_3_2_1_22_1","unstructured":"Debian Security Team. 2008. CVE-2008-0166. https:\/\/security-tracker.debian.org\/tracker\/CVE-2008-0166  Debian Security Team. 2008. CVE-2008-0166. https:\/\/security-tracker.debian.org\/tracker\/CVE-2008-0166"},{"key":"e_1_3_2_1_23_1","unstructured":"DigiCert. 2018. Getting Ahead of Chrome 70 Distrust of Symantec-Issued Certificates. https:\/\/www.digicert.com\/blog\/getting-ahead-chrome-70-distrust-symantec-issued-certificates\/  DigiCert. 2018. Getting Ahead of Chrome 70 Distrust of Symantec-Issued Certificates. https:\/\/www.digicert.com\/blog\/getting-ahead-chrome-70-distrust-symantec-issued-certificates\/"},{"volume-title":"22nd ACM Conference on Computer and Communications Security.","author":"Durumeric Zakir","key":"e_1_3_2_1_24_1","unstructured":"Zakir Durumeric , David Adrian , Ariana Mirian , Michael Bailey , and J. Alex Halderman . 2015. A Search Engine Backed by Internet-Wide Scanning . In 22nd ACM Conference on Computer and Communications Security. Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In 22nd ACM Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_25_1","volume-title":"Domain Name System Security Extensions. RFC 2065","author":"Donald","year":"2065","unstructured":"Donald E. Eastlake and Charles W. Kaufman. 1997 . Domain Name System Security Extensions. RFC 2065 . Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc 2065 Donald E. Eastlake and Charles W. Kaufman. 1997. Domain Name System Security Extensions. RFC 2065. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc2065"},{"key":"e_1_3_2_1_26_1","volume-title":"Electronic Signatures and Infrastructures (ESI)","author":"European Telecommunications Standards Institute (ETSI). 2015.","year":"1940","unstructured":"European Telecommunications Standards Institute (ETSI). 2015. Electronic Signatures and Infrastructures (ESI) ; Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers. ETSI EN 319 403 V2.2.2. https:\/\/www.etsi.org\/deliver\/etsi_en\/3 1940 0_319499\/319403\/02.02.02_60\/en_319403v020202p.pdf European Telecommunications Standards Institute (ETSI). 2015. Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers. ETSI EN 319 403 V2.2.2. https:\/\/www.etsi.org\/deliver\/etsi_en\/319400_319499\/319403\/02.02.02_60\/en_319403v020202p.pdf"},{"key":"e_1_3_2_1_27_1","volume-title":"Electronic Signatures and Infrastructures (ESI)","author":"European Telecommunications Standards Institute (ETSI). 2018b.","year":"1940","unstructured":"European Telecommunications Standards Institute (ETSI). 2018b. Electronic Signatures and Infrastructures (ESI) ; General Policy Requirements for Trust Service Providers. ETSI EN 319 401 V2.2.1. https:\/\/www.etsi.org\/deliver\/etsi_en\/3 1940 0_319499\/319401\/02.02.01_60\/en_319401v020201p.pdf European Telecommunications Standards Institute (ETSI). 2018b. Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers. ETSI EN 319 401 V2.2.1. https:\/\/www.etsi.org\/deliver\/etsi_en\/319400_319499\/319401\/02.02.01_60\/en_319401v020201p.pdf"},{"key":"e_1_3_2_1_28_1","volume-title":"Electronic Signatures and Infrastructures (ESI)","author":"European Telecommunications Standards Institute (ETSI). 2018a.","year":"1940","unstructured":"European Telecommunications Standards Institute (ETSI). 2018a. Electronic Signatures and Infrastructures (ESI) ; Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements. ETSI EN 319 411--1 V1.2.2. https:\/\/www.etsi.org\/deliver\/etsi_en\/3 1940 0_319499\/31941101\/01.02.02_60\/en_31941101v010202p.pdf European Telecommunications Standards Institute (ETSI). 2018a. Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements. ETSI EN 319 411--1 V1.2.2. https:\/\/www.etsi.org\/deliver\/etsi_en\/319400_319499\/31941101\/01.02.02_60\/en_31941101v010202p.pdf"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2015.93"},{"key":"e_1_3_2_1_30_1","volume-title":"Freedom on the Net","author":"House Freedom","year":"2014","unstructured":"Freedom House . 2014. Freedom on the Net 2014 . https:\/\/freedomhouse.org\/sites\/default\/files\/FOTN_2014_Full_Report_compressedv2_0.pdf Freedom House. 2014. Freedom on the Net 2014. https:\/\/freedomhouse.org\/sites\/default\/files\/FOTN_2014_Full_Report_compressedv2_0.pdf"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2005.09.044"},{"key":"e_1_3_2_1_32_1","unstructured":"Dan Goodin. 2015a. Dell does a Superfish ships PCs with easily cloneable root certificates. https:\/\/arstechnica.com\/information-technology\/2015\/11\/dell-does-superfish-ships-pcs-with-self-signed-root-certificates\/  Dan Goodin. 2015a. Dell does a Superfish ships PCs with easily cloneable root certificates. https:\/\/arstechnica.com\/information-technology\/2015\/11\/dell-does-superfish-ships-pcs-with-self-signed-root-certificates\/"},{"key":"e_1_3_2_1_33_1","unstructured":"Dan Goodin. 2015b. Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated]. https:\/\/arstechnica.com\/information-technology\/2015\/02\/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections\/  Dan Goodin. 2015b. Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated]. https:\/\/arstechnica.com\/information-technology\/2015\/02\/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections\/"},{"key":"e_1_3_2_1_34_1","unstructured":"Google LLC. 2018. Root Certificate Policy. https:\/\/www.chromium.org\/Home\/chromium-security\/root-ca-policy  Google LLC. 2018. Root Certificate Policy. https:\/\/www.chromium.org\/Home\/chromium-security\/root-ca-policy"},{"key":"e_1_3_2_1_35_1","unstructured":"Robert Graham. 2015. Extracting the SuperFish certificate. https:\/\/blog.erratasec.com\/2015\/02\/extracting-superfish-certificate.html  Robert Graham. 2015. Extracting the SuperFish certificate. https:\/\/blog.erratasec.com\/2015\/02\/extracting-superfish-certificate.html"},{"key":"e_1_3_2_1_36_1","volume-title":"A metric to assess the trustworthiness of certificate authorities. Master's Thesis","author":"Heinl Michael P.","year":"1872","unstructured":"Michael P. Heinl . 2019. A metric to assess the trustworthiness of certificate authorities. Master's Thesis . University of Ulm , Ulm, Germany . https:\/\/doi.org\/10. 1872 5\/OPARU-12173 10.18725\/OPARU-12173 Michael P. Heinl. 2019. A metric to assess the trustworthiness of certificate authorities. Master's Thesis. University of Ulm, Ulm, Germany. https:\/\/doi.org\/10.18725\/OPARU-12173"},{"key":"e_1_3_2_1_37_1","volume-title":"Black Tulip: Report of the investigation into the DigiNotar Certificate Authority breach. Technical Report. Fox-IT BV.","author":"Hoogstraaten Hans","year":"2012","unstructured":"Hans Hoogstraaten , Ronald Prins , Dani\u00ebl Niggebrugge , Danny Heppener , Frank Groenewegen , Janna Wettinck , Kevin Strooy , Pascal Arends , Paul Pols , Robbert Kouprie , Steffen Moorrees , Xander van Pelt , and Yun Zheng Hu . 2012 . Black Tulip: Report of the investigation into the DigiNotar Certificate Authority breach. Technical Report. Fox-IT BV. Hans Hoogstraaten, Ronald Prins, Dani\u00ebl Niggebrugge, Danny Heppener, Frank Groenewegen, Janna Wettinck, Kevin Strooy, Pascal Arends, Paul Pols, Robbert Kouprie, Steffen Moorrees, Xander van Pelt, and Yun Zheng Hu. 2012. Black Tulip: Report of the investigation into the DigiNotar Certificate Authority breach. Technical Report. Fox-IT BV."},{"key":"e_1_3_2_1_38_1","unstructured":"International Telecommunication Union (ITU). 2016. Information technology -- Open Systems Interconnection -- The Directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.509 ISO\/IEC 9594--8:2017. https:\/\/www.itu.int\/rec\/T-REC-X.509-201610-I\/en  International Telecommunication Union (ITU). 2016. Information technology -- Open Systems Interconnection -- The Directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.509 ISO\/IEC 9594--8:2017. https:\/\/www.itu.int\/rec\/T-REC-X.509-201610-I\/en"},{"key":"e_1_3_2_1_39_1","volume-title":"Tracking Certificate Misissuance in the Wild. In 2018 IEEE Symposium on Security and Privacy (SP). 785--798","author":"Kumar D.","year":"2018","unstructured":"D. Kumar , Z. Wang , M. Hyder , J. Dickinson , G. Beck , D. Adrian , J. Mason , Z. Durumeric , J. A. Halderman , and M. Bailey . 2018 . Tracking Certificate Misissuance in the Wild. In 2018 IEEE Symposium on Security and Privacy (SP). 785--798 . https:\/\/doi.org\/10.1109\/SP. 2018 .00015 10.1109\/SP.2018.00015 D. Kumar, Z. Wang, M. Hyder, J. Dickinson, G. Beck, D. Adrian, J. Mason, Z. Durumeric, J. A. Halderman, and M. Bailey. 2018. Tracking Certificate Misissuance in the Wild. In 2018 IEEE Symposium on Security and Privacy (SP). 785--798. https:\/\/doi.org\/10.1109\/SP.2018.00015"},{"key":"e_1_3_2_1_40_1","unstructured":"Adam Langley. 2013. Enhancing digital certificate security. https:\/\/security.googleblog.com\/2013\/01\/enhancing-digital-certificate-security.html  Adam Langley. 2013. Enhancing digital certificate security. https:\/\/security.googleblog.com\/2013\/01\/enhancing-digital-certificate-security.html"},{"key":"e_1_3_2_1_41_1","first-page":"10 pages. https","volume-title":"Queue","volume":"12","author":"Laurie Ben","year":"2014","unstructured":"Ben Laurie . 2014 . Certificate Transparency . Queue , Vol. 12 , 8, Article 10 (Aug. 2014), bibinfonumpages 10 pages. https:\/\/doi.org\/10 .1145\/2668152.2668154 10.1145\/2668152.2668154 Ben Laurie. 2014. Certificate Transparency. Queue, Vol. 12, 8, Article 10 (Aug. 2014), bibinfonumpages10 pages. https:\/\/doi.org\/10.1145\/2668152.2668154"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"B. Laurie A. Langley and E. Kasper. 2013. Certificate Transparency. RFC 6962. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc6962  B. Laurie A. Langley and E. Kasper. 2013. Certificate Transparency. RFC 6962. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc6962","DOI":"10.17487\/rfc6962"},{"volume-title":"On the Possibility of Constructing Meaningful Hash Collisions for Public Keys","author":"Lenstra Arjen","key":"e_1_3_2_1_43_1","unstructured":"Arjen Lenstra and Benne de Weger . 2005. On the Possibility of Constructing Meaningful Hash Collisions for Public Keys . In Information Security and Privacy, Colin Boyd and Juan Manuel Gonz\u00e1lez Nieto (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg , 267--279. Arjen Lenstra and Benne de Weger. 2005. On the Possibility of Constructing Meaningful Hash Collisions for Public Keys. In Information Security and Privacy, Colin Boyd and Juan Manuel Gonz\u00e1lez Nieto (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 267--279."},{"key":"e_1_3_2_1_44_1","unstructured":"Let's Encrypt. 2015. The CA's Role in Fighting Phishing and Malware. https:\/\/letsencrypt.org\/2015\/10\/29\/phishing-and-malware.html  Let's Encrypt. 2015. The CA's Role in Fighting Phishing and Malware. https:\/\/letsencrypt.org\/2015\/10\/29\/phishing-and-malware.html"},{"key":"e_1_3_2_1_45_1","article-title":"The Cost of Reading Privacy Policies","volume":"4","author":"McDonald A. M.","year":"2008","unstructured":"A. M. McDonald and L. F. Cranor . 2008 . The Cost of Reading Privacy Policies . I\/S: A Journal of Law and Policy for the Information Society , Vol. 4 , 3 (2008). A. M. McDonald and L. F. Cranor. 2008. The Cost of Reading Privacy Policies. I\/S: A Journal of Law and Policy for the Information Society, Vol. 4, 3 (2008).","journal-title":"I\/S: A Journal of Law and Policy for the Information Society"},{"key":"e_1_3_2_1_46_1","unstructured":"Microsoft. 2011. Microsoft Security Advisory 2607712. https:\/\/docs.microsoft.com\/en-us\/security-updates\/SecurityAdvisories\/2011\/2607712  Microsoft. 2011. Microsoft Security Advisory 2607712. https:\/\/docs.microsoft.com\/en-us\/security-updates\/SecurityAdvisories\/2011\/2607712"},{"key":"e_1_3_2_1_47_1","unstructured":"Microsoft Inc. 2018. Microsoft Trusted Root Program Requirements. http:\/\/aka.ms\/RootCert  Microsoft Inc. 2018. Microsoft Trusted Root Program Requirements. http:\/\/aka.ms\/RootCert"},{"key":"e_1_3_2_1_48_1","unstructured":"MITRE. 2018. CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). https:\/\/cwe.mitre.org\/data\/definitions\/338.html  MITRE. 2018. CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). https:\/\/cwe.mitre.org\/data\/definitions\/338.html"},{"key":"e_1_3_2_1_49_1","unstructured":"Mozilla Foundation. 2018. Mozilla Root Store Policy Version 2.5. https:\/\/www.mozilla.org\/en-US\/about\/governance\/policies\/security-group\/certs\/policy\/  Mozilla Foundation. 2018. Mozilla Root Store Policy Version 2.5. https:\/\/www.mozilla.org\/en-US\/about\/governance\/policies\/security-group\/certs\/policy\/"},{"key":"e_1_3_2_1_50_1","unstructured":"Johnathan Nightingale. 2011. igiNotar Removal Follow Up. https:\/\/blog.mozilla.org\/security\/2011\/09\/02\/diginotar-removal-follow-up\/  Johnathan Nightingale. 2011. igiNotar Removal Follow Up. https:\/\/blog.mozilla.org\/security\/2011\/09\/02\/diginotar-removal-follow-up\/"},{"key":"e_1_3_2_1_51_1","unstructured":"Devon O'Brien Ryan Sleevi and Andrew Whalley. 2018. Chrome's Plan to Distrust Symantec Certificates. https:\/\/security.googleblog.com\/2017\/09\/chromes-plan-to-distrust-symantec.html  Devon O'Brien Ryan Sleevi and Andrew Whalley. 2018. Chrome's Plan to Distrust Symantec Certificates. https:\/\/security.googleblog.com\/2017\/09\/chromes-plan-to-distrust-symantec.html"},{"volume-title":"Financial Cryptography and Data Security,, Nicolas Christin and Reihaneh Safavi-Naini (Eds.)","author":"Perl Henning","key":"e_1_3_2_1_52_1","unstructured":"Henning Perl , Sascha Fahl , and Matthew Smith . 2014. You Won't Be Needing These Any More: On Removing Unused Certificates from Trust Stores . In Financial Cryptography and Data Security,, Nicolas Christin and Reihaneh Safavi-Naini (Eds.) . Springer Berlin Heidelberg , Berlin, Heidelberg , 307--315. Henning Perl, Sascha Fahl, and Matthew Smith. 2014. You Won't Be Needing These Any More: On Removing Unused Certificates from Trust Stores. In Financial Cryptography and Data Security,, Nicolas Christin and Reihaneh Safavi-Naini (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 307--315."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-67080-5"},{"key":"e_1_3_2_1_54_1","unstructured":"Reporters without Borders. 2014. 2014 World Press Freedom Index. https:\/\/rsf.org\/sites\/default\/files\/index2014_en.pdf  Reporters without Borders. 2014. 2014 World Press Freedom Index. https:\/\/rsf.org\/sites\/default\/files\/index2014_en.pdf"},{"volume-title":"A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST Special Publication 800-22 Revision 1a","author":"Rukhin Andrew","key":"e_1_3_2_1_55_1","unstructured":"Andrew Rukhin , Juan Soto , James Nechvatal , Miles Smid , Elaine Barker , Stefan Leigh , Mark Levenson , Mark Vangel , David Banks , Alan Heckert , James Dray , and San Vo. 2010. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST Special Publication 800-22 Revision 1a . National Institute of Standards and Technology (NIST) . Andrew Rukhin, Juan Soto, James Nechvatal, Miles Smid, Elaine Barker, Stefan Leigh, Mark Levenson, Mark Vangel, David Banks, Alan Heckert, James Dray, and San Vo. 2010. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST Special Publication 800-22 Revision 1a. National Institute of Standards and Technology (NIST)."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/310889.310900"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"S. Santesson M. Myers R. Ankney A. Malpani S. Galperin and C. Adams. 2013. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc6960  S. Santesson M. Myers R. Ankney A. Malpani S. Galperin and C. Adams. 2013. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960. Internet Engineering Task Force (IETF). https:\/\/tools.ietf.org\/html\/rfc6960","DOI":"10.17487\/rfc6960"},{"key":"e_1_3_2_1_58_1","unstructured":"Emily Schechter. 2018. A milestone for Chrome security: marking HTTP as \"not secure\". https:\/\/www.blog.google\/products\/chrome\/milestone-chrome-security-marking-http-not-secure\/  Emily Schechter. 2018. A milestone for Chrome security: marking HTTP as \"not secure\". https:\/\/www.blog.google\/products\/chrome\/milestone-chrome-security-marking-http-not-secure\/"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213232.3213235"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/1982185.1982548"},{"volume-title":"Guide to Data-Centric System Threat Modeling. Draft NIST Special Publication 800--154","author":"Souppaya Murugiah","key":"e_1_3_2_1_61_1","unstructured":"Murugiah Souppaya and Karen Scarfone . 2016. Guide to Data-Centric System Threat Modeling. Draft NIST Special Publication 800--154 . National Institute of Standards and Technology (NIST) . Murugiah Souppaya and Karen Scarfone. 2016. Guide to Data-Centric System Threat Modeling. Draft NIST Special Publication 800--154. National Institute of Standards and Technology (NIST)."},{"volume-title":"The Economics of Cryptographic Trust: Understanding Certificate Authorities. Master's Thesis","author":"Specter Michael Alan","key":"e_1_3_2_1_62_1","unstructured":"Michael Alan Specter . 2016. The Economics of Cryptographic Trust: Understanding Certificate Authorities. Master's Thesis . Massachusetts Institute of Technology , Cambridge, MA, USA . Michael Alan Specter. 2016. The Economics of Cryptographic Trust: Understanding Certificate Authorities. Master's Thesis. Massachusetts Institute of Technology, Cambridge, MA, USA."},{"volume-title":"Advances in Cryptology -- CRYPTO 201,","author":"Stevens Marc","key":"e_1_3_2_1_63_1","unstructured":"Marc Stevens , Elie Bursztein , Pierre Karpman , Ange Albertini , and Yarik Markov . 2017. The First Collision for Full SHA-1 . In Advances in Cryptology -- CRYPTO 201, , Jonathan Katz and Hovav Shacham (Eds.). Springer International Publishing , Cham . Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, and Yarik Markov. 2017. The First Collision for Full SHA-1. In Advances in Cryptology -- CRYPTO 201,, Jonathan Katz and Hovav Shacham (Eds.). Springer International Publishing, Cham."},{"key":"e_1_3_2_1_64_1","unstructured":"The Internet Corporation for Assigned Names and Numbers (ICANN). 2018. TLD DNSSEC Report (2018-07--19 00:02:15). http:\/\/stats.research.icann.org\/dns\/tld_report\/  The Internet Corporation for Assigned Names and Numbers (ICANN). 2018. TLD DNSSEC Report (2018-07--19 00:02:15). http:\/\/stats.research.icann.org\/dns\/tld_report\/"},{"key":"e_1_3_2_1_65_1","volume-title":"Corruption Perceptions Index","author":"International Transparency","year":"2014","unstructured":"Transparency International . 2014. Corruption Perceptions Index 2014 . https:\/\/www.transparency.org\/cpi2014 Transparency International. 2014. Corruption Perceptions Index 2014. https:\/\/www.transparency.org\/cpi2014"},{"key":"e_1_3_2_1_66_1","volume-title":"2016 11th International Conference for Internet Technology and Secured Transactions, ICITST 2016. 196--203","author":"Uahhabi Z.E.","year":"2016","unstructured":"Z.E. Uahhabi and H.E. Bakkali . 2016. An approach for evaluating trust in X.509 certificates . In 2016 11th International Conference for Internet Technology and Secured Transactions, ICITST 2016. 196--203 . https:\/\/doi.org\/10.1109\/ICITST. 2016 .7856696 cited By 0. 10.1109\/ICITST.2016.7856696 Z.E. Uahhabi and H.E. Bakkali. 2016. An approach for evaluating trust in X.509 certificates. In 2016 11th International Conference for Internet Technology and Secured Transactions, ICITST 2016. 196--203. https:\/\/doi.org\/10.1109\/ICITST.2016.7856696 cited By 0."},{"key":"e_1_3_2_1_68_1","volume-title":"Abdelmalek Benzekri, and David W. Chadwick.","author":"Wazan Ahmad Samer","year":"2013","unstructured":"Ahmad Samer Wazan , Romain Laborde , Francc ois Barrere , Abdelmalek Benzekri, and David W. Chadwick. 2013 . PKI Interoperability: Still an Issue? A Solution in the X.509 Realm. In Information Assurance and Security Education and Training,, Ronald C. Dodge and Lynn Futcher (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg, 68--82. Ahmad Samer Wazan, Romain Laborde, Francc ois Barrere, Abdelmalek Benzekri, and David W. Chadwick. 2013. PKI Interoperability: Still an Issue? A Solution in the X.509 Realm. In Information Assurance and Security Education and Training,, Ronald C. Dodge and Lynn Futcher (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 68--82."},{"key":"e_1_3_2_1_69_1","volume-title":"2012 IEEE International Conference on Communications (ICC). 6895--6900","author":"Wazan A. S.","year":"2012","unstructured":"A. S. Wazan , R. Laborde , F. Barr\u00e8re , and A. Benzekri . 2012. The X.509 trust model needs a and legal expert . In 2012 IEEE International Conference on Communications (ICC). 6895--6900 . https:\/\/doi.org\/10.1109\/ICC. 2012 .6364860 10.1109\/ICC.2012.6364860 A. S. Wazan, R. Laborde, F. Barr\u00e8re, and A. Benzekri. 2012. The X.509 trust model needs a and legal expert. In 2012 IEEE International Conference on Communications (ICC). 6895--6900. https:\/\/doi.org\/10.1109\/ICC.2012.6364860"},{"key":"e_1_3_2_1_70_1","volume-title":"An Analysis of the Existing Trust Approaches. In 2016 IEEE 41st Conference on Local Computer Networks (LCN). 531--534","author":"Wazan A. S.","year":"2016","unstructured":"A. S. Wazan , R. Laborde , D. W. Chadwick , F. Barrere , and A. Benzekri . 2016. How Can I Trust an X.509 Certificate? An Analysis of the Existing Trust Approaches. In 2016 IEEE 41st Conference on Local Computer Networks (LCN). 531--534 . https:\/\/doi.org\/10.1109\/LCN. 2016 .85 10.1109\/LCN.2016.85 A. S. Wazan, R. Laborde, D. W. Chadwick, F. Barrere, and A. Benzekri. 2016. How Can I Trust an X.509 Certificate? An Analysis of the Existing Trust Approaches. In 2016 IEEE 41st Conference on Local Computer Networks (LCN). 531--534. https:\/\/doi.org\/10.1109\/LCN.2016.85"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/6907146"},{"key":"e_1_3_2_1_72_1","unstructured":"WebTrust. 2017. WebTrust Principles and Criteria for Certification Authorities. Version 2.1. http:\/\/www.webtrust.org\/principles-and-criteria\/docs\/item85228.pdf  WebTrust. 2017. WebTrust Principles and Criteria for Certification Authorities. Version 2.1. http:\/\/www.webtrust.org\/principles-and-criteria\/docs\/item85228.pdf"},{"key":"e_1_3_2_1_73_1","unstructured":"WebTrust. 2018. WebTrust Principles and Criteria for Certification Authorities - SSL Baseline with Network Security. Version 2.3. http:\/\/www.webtrust.org\/principles-and-criteria\/docs\/item85437.PDF  WebTrust. 2018. WebTrust Principles and Criteria for Certification Authorities - SSL Baseline with Network Security. Version 2.3. http:\/\/www.webtrust.org\/principles-and-criteria\/docs\/item85437.PDF"},{"key":"e_1_3_2_1_74_1","unstructured":"Florian Weimer. 2008. New openssl packages fix predictable random number generator. https:\/\/lists.debian.org\/debian-security-announce\/2008\/msg00152.html  Florian Weimer. 2008. New openssl packages fix predictable random number generator. https:\/\/lists.debian.org\/debian-security-announce\/2008\/msg00152.html"},{"key":"e_1_3_2_1_75_1","unstructured":"Kathleen Wilson and Gervase Markham. 2017. MozillaWiki - CA:Symantec_Issues. https:\/\/wiki.mozilla.org\/CA:Symantec_Issues  Kathleen Wilson and Gervase Markham. 2017. MozillaWiki - CA:Symantec_Issues. https:\/\/wiki.mozilla.org\/CA:Symantec_Issues"},{"volume-title":"The Transparency Reporting Toolkit","author":"Woolery Liz","key":"e_1_3_2_1_76_1","unstructured":"Liz Woolery , Ryan Budish , and Kevin Bankston . 2016. The Transparency Reporting Toolkit . New America and The Berkman Center for Internet & Society at Harvard University . Liz Woolery, Ryan Budish, and Kevin Bankston. 2016. The Transparency Reporting Toolkit. New America and The Berkman Center for Internet & Society at Harvard University."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.529"}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"London United Kingdom","acronym":"CCS '19"},"container-title":["Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338466.3358917","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3338466.3358917","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:43:21Z","timestamp":1750207401000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338466.3358917"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,11]]},"references-count":75,"alternative-id":["10.1145\/3338466.3358917","10.1145\/3338466"],"URL":"https:\/\/doi.org\/10.1145\/3338466.3358917","relation":{},"subject":[],"published":{"date-parts":[[2019,11,11]]},"assertion":[{"value":"2019-11-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}