{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T18:03:40Z","timestamp":1773857020036,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":80,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,27]],"date-time":"2020-10-27T00:00:00Z","timestamp":1603756800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,27]]},"DOI":"10.1145\/3419394.3423645","type":"proceedings-article","created":{"date-parts":[[2020,10,22]],"date-time":"2020-10-22T20:30:22Z","timestamp":1603398622000},"page":"577-597","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Accept the Risk and Continue"],"prefix":"10.1145","author":[{"given":"Sudheesh","family":"Singanamalla","sequence":"first","affiliation":[{"name":"University of Washington"}]},{"given":"Esther Han Beol","family":"Jang","sequence":"additional","affiliation":[{"name":"University of Washington"}]},{"given":"Richard","family":"Anderson","sequence":"additional","affiliation":[{"name":"University of Washington"}]},{"given":"Tadayoshi","family":"Kohno","sequence":"additional","affiliation":[{"name":"University of Washington"}]},{"given":"Kurtis","family":"Heimerl","sequence":"additional","affiliation":[{"name":"University of Washington"}]}],"member":"320","published-online":{"date-parts":[[2020,10,27]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"[n.d.]. The Great Firewall of China --- web of control | Financial Times. https:\/\/www.ft.com\/content\/e19b3022-40eb-11e9-9bee-efab61506f44. (Accessed on 03\/06\/2020)."},{"key":"e_1_3_2_2_2_1","unstructured":"2016. 95% of HTTPS servers vulnerable to trivial MITM attacks | Netcraft News. https:\/\/news.netcraft.com\/archives\/2016\/03\/17\/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html. (Accessed on 09\/11\/2020)."},{"key":"e_1_3_2_2_3_1","unstructured":"2020. Government\/Local Government Operation Site | Agency Information | Government 24. https:\/\/www.gov.kr\/portal\/orgSite?. (Accessed on 09\/12\/2020)."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363192"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134007"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488395"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131401"},{"key":"e_1_3_2_2_8_1","volume-title":"Detecting certificate authority compromises and web browser collusion. Tor Blog 22","author":"Appelbaum Jacob","year":"2011","unstructured":"Jacob Appelbaum. 2011. Detecting certificate authority compromises and web browser collusion. Tor Blog 22 (2011)."},{"key":"e_1_3_2_2_9_1","unstructured":"Apple. 2018. List of available trusted root certificates in MacOS. https:\/\/support.apple.com\/en-gb\/HT208127. (Accessed on 06\/02\/2020)."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.giq.2010.07.006"},{"key":"e_1_3_2_2_11_1","unstructured":"Zineb Ait Bahajji and Gary Illyes. 2014. Official Google Webmaster Central Blog: HTTPS as a ranking signal. https:\/\/webmasters.googleblog.com\/2014\/08\/httpsas-ranking-signal.html. (Accessed on 03\/03\/2020)."},{"key":"e_1_3_2_2_12_1","unstructured":"Elaine Barker and Allen Roginsky. 2015. SP 800-131 (June 11 2010): Recommendation for the Transitioning of Cryptographic Algorithms and Key Lengths. https:\/\/csrc.nist.gov\/csrc\/media\/publications\/sp\/800-131\/archive\/2010-06-16\/documents\/sp800-131-draft2-june2010.pdf. (Accessed on 03\/06\/2020)."},{"key":"e_1_3_2_2_13_1","unstructured":"CA Browser Forum. 2017. Ballot 193 - 825-day Certificate Lifetimes - CAB Forum. https:\/\/cabforum.org\/2017\/03\/17\/ballot-193-825-day-certificate-lifetimes\/. (Accessed on 05\/24\/2020)."},{"key":"e_1_3_2_2_14_1","unstructured":"CA Browser Forum. 2019. Ballot SC22 - Reduce Certificate Lifetimes (v2) - CAB Forum. https:\/\/cabforum.org\/2019\/09\/10\/ballot-sc22-reduce-certificate-lifetimes-v2\/. (Accessed on 05\/24\/2020)."},{"key":"e_1_3_2_2_15_1","unstructured":"Chromium. 2018. 823665 - please remove trust of GPKIRootCA1 root certificate or sub-ca - chromium. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=823665. (Accessed on 05\/29\/2020)."},{"key":"e_1_3_2_2_16_1","unstructured":"Cisco. 2016. Umbrella Popularity List. (Accessed on 09\/07\/2020)."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.41"},{"key":"e_1_3_2_2_18_1","unstructured":"Cloudflare. [n.d.]. What Happens in a TLS Handshake? | SSL Handshake | Cloudflare. https:\/\/www.cloudflare.com\/learning\/ssl\/what-happens-in-a-tls-handshake\/. (Accessed on 05\/24\/2020)."},{"key":"e_1_3_2_2_19_1","volume-title":"CFSSL: Cloudflare's PKI and TLS toolkit. https:\/\/github.com\/cloudflare\/cfssl.","year":"2019","unstructured":"Cloudflare. 2019. CFSSL: Cloudflare's PKI and TLS toolkit. https:\/\/github.com\/cloudflare\/cfssl."},{"key":"e_1_3_2_2_20_1","unstructured":"OWASP Contributors. 2020. Man-in-the-middle Software Attack | OWASP Foundation. https:\/\/owasp.org\/www-community\/attacks\/Man-in-the-middle_attack. (Accessed on 09\/11\/2020)."},{"key":"e_1_3_2_2_21_1","unstructured":"DotGov. 2020. Making .gov More Secure by Default | DotGov. https:\/\/home. dotgov.gov\/management\/preloading\/dotgovhttps\/. (Accessed on 09\/12\/2020)."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_2_23_1","volume-title":"22nd ACM Conference on Computer and Communications Security.","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In 22nd ACM Conference on Computer and Communications Security."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815695"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"crossref","unstructured":"Zakir Durumeric Zane Ma Drew Springall Richard Barnes Nick Sullivan Elie Bursztein Michael Bailey J Alex Halderman and Vern Paxson. 2017. The Security Impact of HTTPS Interception.. In NDSS.","DOI":"10.14722\/ndss.2017.23456"},{"key":"e_1_3_2_2_27_1","unstructured":"Electronic Frontier Foundation EFF. [n.d.]. Certbot. https:\/\/certbot.eff.org\/. (Accessed on 09\/12\/2020)."},{"key":"e_1_3_2_2_28_1","unstructured":"ExpressVPN. [n.d.]. High-Speed Secure & Anonymous VPN Service | ExpressVPN. https:\/\/www.expressvpn.com\/. (Accessed on 06\/02\/2020)."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2015.93"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590341"},{"key":"e_1_3_2_2_31_1","volume-title":"26th {USENIX} Security Symposium ({USENIX} Security 17).1323--1338.","author":"Felt Adrienne Porter","unstructured":"Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. 2017. Measuring {HTTPS } Adoption on the Web. In 26th {USENIX} Security Symposium ({USENIX} Security 17).1323--1338."},{"key":"e_1_3_2_2_32_1","unstructured":"Electronic Frontier Foundation. 2015. Russia's Wikipedia Ban Buckles Under HTTPS Encryption. https:\/\/www.eff.org\/deeplinks\/2015\/08\/russias-wikipedia-ban-buckles-under-https-encryption. (Accessed on 03\/12\/2020)."},{"key":"e_1_3_2_2_33_1","unstructured":"Patrick Nohe (GlobalSign). 2020. One Year Certificates - Maximum SSL\/TLS Certificate Validity is Now One Year. https:\/\/casecurity.org\/2020\/07\/09\/one-year-certs\/. (Accessed on 09\/07\/2020)."},{"key":"e_1_3_2_2_34_1","unstructured":"GoDaddy. 2019. EV SSL Certificate | Buy an Extended Validation Certificate -GoDaddy. https:\/\/www.godaddy.com\/web-security\/ev-ssl-certificate. (Accessed on 09\/21\/2020)."},{"key":"e_1_3_2_2_35_1","unstructured":"United States Dot Gov. 2020. Recent Updates. https:\/\/home.dotgov.gov\/. (Accessed on 05\/25\/2020)."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2015.90"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6844"},{"key":"e_1_3_2_2_38_1","volume-title":"Presented as part of the 21st USENIX Security Symposium (USENIX Security 12)","author":"Heninger Nadia","unstructured":"Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2012. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). USENIX, Bellevue, WA, 205--220. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/heninger"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"crossref","unstructured":"Jeff Hodges Collin Jackson and Adam Barth. 2012. Http strict transport security (hsts). (2012).","DOI":"10.17487\/rfc6797"},{"key":"e_1_3_2_2_40_1","unstructured":"ICANN. 2017. Country code top-level domain-ICANNWiki. https:\/\/icannwiki.org\/Country_code_top-level_domain. (Accessed on 03\/06\/2020)."},{"key":"e_1_3_2_2_41_1","volume-title":"A framework and improvements of the Korea cloud services certification system. The Scientific World Journal 2015","author":"Jeon Hangoo","year":"2015","unstructured":"Hangoo Jeon and Kwang-Kyu Seo. 2015. A framework and improvements of the Korea cloud services certification system. The Scientific World Journal 2015 (2015)."},{"key":"e_1_3_2_2_42_1","unstructured":"Dixon Jones. 2012. Majestic Million CSV now free for all daily. (Accessed on 09\/07\/2020)."},{"key":"e_1_3_2_2_43_1","unstructured":"Keechang Kim. 2018. Woes of government driven 'standard' - Korean PKI implementation1999--2018. https:\/\/www.standardsuniversity.org\/e-magazine\/october-2018-volume-9-issue-3-privacy-freedom-human-rights\/woes-of-government-driven-standard-korean-pki-implementation-1999-2018\/. (Accessed on 05\/29\/2020)."},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357127"},{"key":"e_1_3_2_2_45_1","unstructured":"Brian Krebs. 2019. It's Way Too Easy to Get a .gov Domain Name --- Krebs on Security. https:\/\/krebsonsecurity.com\/2019\/11\/its-way-too-easy-to-get-a-gov-domain-name\/. (Accessed on 05\/25\/2020)."},{"key":"e_1_3_2_2_46_1","volume-title":"26th { USENIX} Security Symposium ({ USENIX} Security 17).1339--1356.","author":"Krombholz Katharina","unstructured":"Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, and Edgar Weippl. 2017. \" I Have No Idea What I'm Doing\"-On the Usability of Deploying {HTTPS }. In 26th { USENIX} Security Symposium ({ USENIX} Security 17).1339--1356."},{"key":"e_1_3_2_2_47_1","unstructured":"Adam Langley. 2012. SSL interstitial bypass rates."},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"crossref","unstructured":"Ben Laurie and Cory Doctorow. 2012. Secure the internet. 325--326 pages.","DOI":"10.1038\/491325a"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23386"},{"key":"e_1_3_2_2_50_1","volume-title":"Proc. of the first International Workshop for Asian PKI, Korea. Citeseer.","author":"Lee Seok-Lae","year":"2001","unstructured":"Seok-Lae Lee, Jae-il Lee, and Hong-Sub Lee. 2001. Global PKI Interoperability: Korean Endeavour. In Proc. of the first International Workshop for Asian PKI, Korea. Citeseer."},{"key":"e_1_3_2_2_51_1","volume-title":"Shedding light on the adoption of let's encrypt. arXiv preprint arXiv:1611.00469","author":"Manousis Antonis","year":"2016","unstructured":"Antonis Manousis, Roy Ragsdale, Ben Draffin, Adwiteeya Agrawal, and Vyas Sekar. 2016. Shedding light on the adoption of let's encrypt. arXiv preprint arXiv:1611.00469 (2016)."},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.14722\/sent.2015.23009"},{"key":"e_1_3_2_2_53_1","first-page":"336","article-title":"FedRAMP, Contracts, and the US Federal Government's Move to Cloud Computing: If an 800-Pound Gorilla Can't Tame the Cloud","volume":"17","author":"McGillivray Kevin","year":"2015","unstructured":"Kevin McGillivray. 2015. FedRAMP, Contracts, and the US Federal Government's Move to Cloud Computing: If an 800-Pound Gorilla Can't Tame the Cloud, Who Can. Colum. Sci. & Tech. L. Rev. 17 (2015), 336.","journal-title":"Who Can. Colum. Sci. & Tech. L. Rev."},{"key":"e_1_3_2_2_54_1","unstructured":"Microsoft. 2019. List of Participants - Microsoft Trusted Root Program. https:\/\/docs.microsoft.com\/en-us\/security\/trusted-root\/participants-list. (Accessed on 09\/07\/2020."},{"key":"e_1_3_2_2_55_1","unstructured":"Ariana Mirian Christopher Thompson Stefan Savage Geoffrey M Voelker and Adrienne Porter Felt. 2018. HTTPS Adoption in the Longtail. (2018)."},{"key":"e_1_3_2_2_56_1","volume-title":"This POODLE bites: exploiting the SSL 3.0 fallback. Security Advisory","author":"M\u00f6ller Bodo","year":"2014","unstructured":"Bodo M\u00f6ller, Thai Duong, and Krzysztof Kotowicz. 2014. This POODLE bites: exploiting the SSL 3.0 fallback. Security Advisory (2014)."},{"key":"e_1_3_2_2_57_1","unstructured":"Mozilla. 2017. Mozilla Included CA Certificate List. https:\/\/wiki.mozilla.org\/CA\/Included_Certificates. (Accessed on 09\/07\/2020)."},{"key":"e_1_3_2_2_58_1","unstructured":"Mozilla. 2020. Cert Verifier - Extended Validation. https:\/\/hg.mozilla.org\/mozilla-central\/file\/tip\/security\/certverifier\/ExtendedValidation.cpp. (Accessed on 03\/04\/2020)."},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2674005.2674991"},{"key":"e_1_3_2_2_60_1","volume-title":"National Law Information Center | Law&gt","author":"Ministry of Public Administration and Security. [n.d.].","year":"2020","unstructured":"Ministry of Public Administration and Security. [n.d.]. National Law Information Center | Law> Text-e-Government Law. http:\/\/law.go.kr\/LSW\/lsInfoP.do?lsiSeq=213795&ancYd=&ancNo=&efYd=20200805&nwJoYnInfo=Y&ancYnChk=0&efGubun=Y&vSct=%EC%A0%84%EC%9E%90%EC%A0%95%EB%B6%80%EB%B2%95#0000."},{"key":"e_1_3_2_2_61_1","volume-title":"National Law Information Center | Law&gt","author":"Ministry of Public Administration and Security. [n.d.].","year":"2061","unstructured":"Ministry of Public Administration and Security. [n.d.]. National Law Information Center | Law> Text-Enforcement Decree of the e-Government Act. http:\/\/law.go.kr\/LSW\/lsInfoP.do?lsiSeq=206157&ancYd=&ancNo=&efYd=20190101&nwJoYnInfo=Y&ancYnChk=0&efGubun=Y&vSct=%EC%A0%84%EC%9E%90%EC%A0%95%EB%B6%80%EB%B2%95#0000."},{"key":"e_1_3_2_2_62_1","unstructured":"OpenSSL. [n.d.]. OpenSSL: Cryptography and SSL\/TLS toolkit. https:\/\/www.openssl.org\/. (Accessed on 03\/06\/2020)."},{"key":"e_1_3_2_2_63_1","unstructured":"OpenSSL. [n.d.]. Verify - OpenSSL. https:\/\/www.openssl.org\/docs\/man1.0.2\/man1\/verify.html. (Accessed on 09\/21\/2020)."},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2017.1600981"},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2012.591"},{"key":"e_1_3_2_2_66_1","volume-title":"DOTGOV Online Trust in Government Act of","author":"Peters Gary C","year":"2019","unstructured":"Sen. Gary C Peters. 2019. DOTGOV Online Trust in Government Act of 2019. https:\/\/www.congress.gov\/bill\/116th-congress\/senate-bill\/2749\/text."},{"key":"e_1_3_2_2_67_1","unstructured":"Solarwinds Pingdom. 2012. The US hosts 43% of the world's top 1 million websites. https:\/\/www.pingdom.com\/blog\/united-states-hosts-43-percent-worlds-top-1-million-websites\/. (Accessed on 09\/12\/2020)."},{"key":"e_1_3_2_2_68_1","unstructured":"Yaroslava Ryabova. 2018. HTTPS does not mean a site is safe | Kaspersky official blog. https:\/\/www.kaspersky.com\/blog\/https-does-not-mean-safe\/20725\/. (Accessed on 03\/12\/2020)."},{"key":"e_1_3_2_2_69_1","volume-title":"URL: https:\/\/cloud. google. com\/files\/BigQueryTechnicalWP. pdf","author":"Sato Kazunori","year":"2012","unstructured":"Kazunori Sato. 2012. An inside look at google bigquery. White paper, URL: https:\/\/cloud. google. com\/files\/BigQueryTechnicalWP. pdf (2012)."},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278562"},{"key":"e_1_3_2_2_71_1","first-page":"59","article-title":"A Comparison Study between Korean Cloud Service Certification Systems and US FedRAMP","volume":"10","author":"Seo Kwang-Kyu","year":"2012","unstructured":"Kwang-Kyu Seo. 2012. A Comparison Study between Korean Cloud Service Certification Systems and US FedRAMP. Journal of digital convergence 10, 11 (2012), 59--65.","journal-title":"Journal of digital convergence"},{"key":"e_1_3_2_2_72_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.1591033"},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2078827.2078831"},{"key":"e_1_3_2_2_74_1","unstructured":"Chromium Google Open Source. 2019. EV UI Moving to Page Info. https:\/\/chromium.googlesource.com\/chromium\/src\/+\/HEAD\/docs\/security\/ev-to-page-info.md. (Accessed on 03\/04\/2020)."},{"key":"e_1_3_2_2_75_1","volume-title":"25th {USENIX} Security Symposium ({USENIX} Security 16).1015--1032.","author":"Stock Ben","unstructured":"Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, and Michael Backes. 2016. Hey, you have a problem: On the feasibility of large-scale web vulnerability notification. In 25th {USENIX} Security Symposium ({USENIX} Security 16).1015--1032."},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2008.80"},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2014.54"},{"key":"e_1_3_2_2_78_1","unstructured":"United States GSA. 2020. GSA\/data: Assorted data from the General Services Administration. https:\/\/github.com\/GSA\/data. (Accessed on 05\/28\/2020)."},{"key":"e_1_3_2_2_79_1","unstructured":"United States GSA. 2020. GSA\/govt-urls: This repo contains USA.gov's list of government URLs that don't end in .gov or .mil. https:\/\/github.com\/GSA\/govt-urls. (Accessed on 05\/28\/2020)."},{"key":"e_1_3_2_2_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987462"}],"event":{"name":"IMC '20: ACM Internet Measurement Conference","location":"Virtual Event USA","acronym":"IMC '20","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication","SIGMETRICS ACM Special Interest Group on Measurement and Evaluation"]},"container-title":["Proceedings of the ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3423645","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3419394.3423645","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T23:35:45Z","timestamp":1765841745000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3423645"}},"subtitle":["Measuring the Long Tail of Government https Adoption"],"short-title":[],"issued":{"date-parts":[[2020,10,27]]},"references-count":80,"alternative-id":["10.1145\/3419394.3423645","10.1145\/3419394"],"URL":"https:\/\/doi.org\/10.1145\/3419394.3423645","relation":{},"subject":[],"published":{"date-parts":[[2020,10,27]]},"assertion":[{"value":"2020-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}