{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:24:12Z","timestamp":1750220652730,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000028","name":"Semiconductor Research Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000028","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004801","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS 1900996"],"award-info":[{"award-number":["CNS 1900996"]}],"id":[{"id":"10.13039\/501100004801","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002790","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002790","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000879","name":"Alfred P. Sloan Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000879","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427284","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"655-668","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["CAPS: Smoothly Transitioning to a More Resilient Web PKI"],"prefix":"10.1145","author":[{"given":"Stephanos","family":"Matsumoto","sequence":"first","affiliation":[{"name":"Olin College of Engineering, United States of America"}]},{"given":"Jay","family":"Bosamiya","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Yucheng","family":"Dai","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Paul","family":"van Oorschot","sequence":"additional","affiliation":[{"name":"Carleton University"}]},{"given":"Bryan","family":"Parno","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Apple. 2019. Apple\u2019s Certificate Transparency policy. https:\/\/support.apple.com\/en-us\/HT205280.  Apple. 2019. Apple\u2019s Certificate Transparency policy. https:\/\/support.apple.com\/en-us\/HT205280."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Roy Arends Rob Austein Matt Larson Dan Massey and Scott Rose. 2005. DNS Security Introduction and Requirements. RFC 4033.  Roy Arends Rob Austein Matt Larson Dan Massey and Scott Rose. 2005. DNS Security Introduction and Requirements. RFC 4033.","DOI":"10.17487\/rfc4033"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660298"},{"key":"e_1_3_2_1_4_1","unstructured":"M. Bishop Nick Sullivan and M. Thomson. 2019. Secondary Certificate Authentication in HTTP\/2. IETF Internet Draft https:\/\/tools.ietf.org\/html\/draft-ietf-httpbis-http2-secondary-certs-05.  M. Bishop Nick Sullivan and M. Thomson. 2019. Secondary Certificate Authentication in HTTP\/2. IETF Internet Draft https:\/\/tools.ietf.org\/html\/draft-ietf-httpbis-http2-secondary-certs-05."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/362686.362692"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"David Cooper Stefan Santesson Stephen Farrell Sharon Boeyen Russell Housley and Tim Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280.  David Cooper Stefan Santesson Stephen Farrell Sharon Boeyen Russell Housley and Tim Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280.","DOI":"10.17487\/rfc5280"},{"volume-title":"Efficient Data Structures For Tamper-Evident Logging. In USENIX Security Symposium. 317\u2013334","author":"A.","key":"e_1_3_2_1_7_1"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1162\/089120100561601"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2012.04.023"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Tim Dierks and Eric Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246.  Tim Dierks and Eric Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246.","DOI":"10.17487\/rfc5246"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"volume-title":"ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX Security Symposium, Vol.\u00a08. 47\u201353","year":"2013","author":"Durumeric Zakir","key":"e_1_3_2_1_12_1"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Donald Eastlake. 2011. Transport Layer Security (TLS) Extensions: Extension Definitions. RFC 6066.  Donald Eastlake. 2011. Transport Layer Security (TLS) Extensions: Extension Definitions. RFC 6066.","DOI":"10.17487\/rfc6066"},{"key":"e_1_3_2_1_14_1","unstructured":"[\n  14\n  ]  Let\u2019s Encrypt.[n.d.]. http:\/\/letsencrypt.org.  [14] Let\u2019s Encrypt.[n.d.]. http:\/\/letsencrypt.org."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Chris Evans Chris Palmer and Ryan Sleevi. 2015. Public Key Pinning Extension for HTTP. RFC 7469.  Chris Evans Chris Palmer and Ryan Sleevi. 2015. Public Key Pinning Extension for HTTP. RFC 7469.","DOI":"10.17487\/RFC7469"},{"issue":"6","key":"e_1_3_2_1_16_1","first-page":"8","article-title":"Guidelines for the Issuance and Management of Extended Validation Certificates","volume":"1","author":"Forum Browser","year":"2018","journal-title":"Version"},{"key":"e_1_3_2_1_17_1","unstructured":"Electronic\u00a0Frontier Foundation. [n.d.]. HTTPS Everywhere. https:\/\/www.eff.org\/https-everywhere.  Electronic\u00a0Frontier Foundation. [n.d.]. HTTPS Everywhere. https:\/\/www.eff.org\/https-everywhere."},{"key":"e_1_3_2_1_18_1","unstructured":"Mark Goodwin. 2015. Revoking Intermediate Certificates: Introducing OneCRL. https:\/\/blog.mozilla.org\/security\/2015\/03\/03\/revoking-intermediate-certificates-introducing-onecrl\/.  Mark Goodwin. 2015. Revoking Intermediate Certificates: Introducing OneCRL. https:\/\/blog.mozilla.org\/security\/2015\/03\/03\/revoking-intermediate-certificates-introducing-onecrl\/."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Jeff Hodges Collin Jackson and Adam Barth. 2012. HTTP Strict Transport Security (HSTS). RFC 6797.  Jeff Hodges Collin Jackson and Adam Barth. 2012. HTTP Strict Transport Security (HSTS). RFC 6797.","DOI":"10.17487\/rfc6797"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Paul Hoffman and Jakob Schlyter. 2012. The DNS-based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698.  Paul Hoffman and Jakob Schlyter. 2012. The DNS-based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698.","DOI":"10.17487\/rfc6698"},{"key":"e_1_3_2_1_21_1","unstructured":"[\n  21\n  ]  Smart HTTPS.[n.d.]. https:\/\/mybrowseraddon.com\/smart-https.html.  [21] Smart HTTPS.[n.d.]. https:\/\/mybrowseraddon.com\/smart-https.html."},{"volume-title":"International World Wide Web Conference (WWW). 679\u2013690","year":"2013","author":"Hyun-Jin Kim Tiffany","key":"e_1_3_2_1_22_1"},{"key":"e_1_3_2_1_23_1","unstructured":"Adam Langley. 2012. Revocation checking and Chrome\u2019s CRL. https:\/\/www.imperialviolet.org\/2012\/02\/05\/crlsets.html.  Adam Langley. 2012. Revocation checking and Chrome\u2019s CRL. https:\/\/www.imperialviolet.org\/2012\/02\/05\/crlsets.html."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.17"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2659897"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962.  Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962.","DOI":"10.17487\/rfc6962"},{"volume-title":"ZPAQ: Incremental Journaling Backup Utility and Archiver","year":"2019","author":"Mahoney Matt","key":"e_1_3_2_1_27_1"},{"key":"e_1_3_2_1_28_1","unstructured":"Moxie Marlinspike. 2009. New Tricks for Defeating SSL in Practice. http:\/\/www.thoughtcrime.org\/software\/sslstrip\/.  Moxie Marlinspike. 2009. New Tricks for Defeating SSL in Practice. http:\/\/www.thoughtcrime.org\/software\/sslstrip\/."},{"key":"e_1_3_2_1_29_1","unstructured":"Moxie Marlinspike and Trevor Perrin. 2013. Trust Assertions for Certificate Keys. https:\/\/tools.ietf.org\/html\/draft-perrin-tls-tack-02 (work in progress).  Moxie Marlinspike and Trevor Perrin. 2013. Trust Assertions for Certificate Keys. https:\/\/tools.ietf.org\/html\/draft-perrin-tls-tack-02 (work in progress)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Ralph\u00a0C. Merkle. 1988. A Digital Signature Based on a Conventional Encryption Function. Advances in Cryptology (CRYPTO)(1988) 369\u2013378.  Ralph\u00a0C. Merkle. 1988. A Digital Signature Based on a Conventional Encryption Function. Advances in Cryptology (CRYPTO)(1988) 369\u2013378.","DOI":"10.1007\/3-540-48184-2_32"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Paul Mockapetris. 1987. Domain Names \u2013 Implementation and Specification. RFC 1035.  Paul Mockapetris. 1987. Domain Names \u2013 Implementation and Specification. RFC 1035.","DOI":"10.17487\/rfc1035"},{"key":"e_1_3_2_1_32_1","unstructured":"Chris Palmer Rich Baldry Andrew Meyer Jochen Eisinger Ryan Sleevi Rick Byers Phillip Hallam-Baker Ryan Lester and Joe Medley. 2017. Intent to Deprecate and Remove: Public-Key Pinning. Chromium mailing list https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!topic\/blink-dev\/he9tr7p3rZ8.  Chris Palmer Rich Baldry Andrew Meyer Jochen Eisinger Ryan Sleevi Rick Byers Phillip Hallam-Baker Ryan Lester and Joe Medley. 2017. Intent to Deprecate and Remove: Public-Key Pinning. Chromium mailing list https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!topic\/blink-dev\/he9tr7p3rZ8."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446.  Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446.","DOI":"10.17487\/RFC8446"},{"volume-title":"Enhanced Certificate Transparency and End-to-End Encrypted Mail. In Network and Distributed System Security Symposium (NDSS).","year":"2014","author":"Ryan D","key":"e_1_3_2_1_34_1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1186\/1748-7188-9-2"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Stefan Santesson Michael Myers Rich Ankney Ambarish Malpani Slava Galperin and Carlisle Adams. 2013. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960.  Stefan Santesson Michael Myers Rich Ankney Ambarish Malpani Slava Galperin and Carlisle Adams. 2013. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960.","DOI":"10.17487\/rfc6960"},{"key":"e_1_3_2_1_37_1","unstructured":"Ryan Sleevi. 2015. Sustaining Digital Certificate Security. https:\/\/googleonlinesecurity.blogspot.com\/2015\/10\/sustaining-digital-certificate-security.html.  Ryan Sleevi. 2015. Sustaining Digital Certificate Security. https:\/\/googleonlinesecurity.blogspot.com\/2015\/10\/sustaining-digital-certificate-security.html."},{"volume-title":"Announcement: Requiring Certificate Transparency in 2017. https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!msg\/ct-policy\/78N3SMcqUGw\/ykIwHXuqAQAJ.","year":"2016","author":"Sleevi Ryan","key":"e_1_3_2_1_38_1"},{"key":"e_1_3_2_1_39_1","unstructured":"Ryan Sleevi and Devon O\u2019Brien. 2017. Certificate Transparency Log Policy. https:\/\/github.com\/chromium\/ct-policy\/blob\/master\/log_policy.md.  Ryan Sleevi and Devon O\u2019Brien. 2017. Certificate Transparency Log Policy. https:\/\/github.com\/chromium\/ct-policy\/blob\/master\/log_policy.md."},{"key":"e_1_3_2_1_40_1","unstructured":"Nick Sullivan. 2019. Exported Authenticators in TLS. IETF Internet Draft https:\/\/tools.ietf.org\/html\/draft-ietf-tls-exported-authenticator-10.  Nick Sullivan. 2019. Exported Authenticators in TLS. IETF Internet Draft https:\/\/tools.ietf.org\/html\/draft-ietf-tls-exported-authenticator-10."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660355"},{"key":"e_1_3_2_1_42_1","unstructured":"Filippo Valsorda. 2015. Komodia\/Superfish SSL Validation is Broken. https:\/\/blog.filippo.io\/komodia-superfish-ssl-validation-is-broken\/.  Filippo Valsorda. 2015. Komodia\/Superfish SSL Validation is Broken. https:\/\/blog.filippo.io\/komodia-superfish-ssl-validation-is-broken\/."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987462"},{"key":"e_1_3_2_1_44_1","unstructured":"Verisign. 2017. The Verisign Domain Name Industry Brief. https:\/\/www.verisign.com\/assets\/domain-name-report-Q42016.pdf.  Verisign. 2017. The Verisign Domain Name Industry Brief. https:\/\/www.verisign.com\/assets\/domain-name-report-Q42016.pdf."},{"key":"e_1_3_2_1_45_1","first-page":"11","article-title":"DTKI","volume":"59","author":"Yu Jiangshan","year":"2016","journal-title":"A New Formalized PKI with Verifiable Trusted Parties. Comput. J."}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","acronym":"ACSAC '20","location":"Austin USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427284","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427284","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:25Z","timestamp":1750197745000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427284"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":45,"alternative-id":["10.1145\/3427228.3427284","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427284","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}