{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T17:41:06Z","timestamp":1776102066770,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["NRF-2020R1C1C1009031"],"award-info":[{"award-number":["NRF-2020R1C1C1009031"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"name":"IITP","award":["2017-0-00168"],"award-info":[{"award-number":["2017-0-00168"]}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1916499, CNS-1850392, CNS-1703644, CNS-1651661, and OAC-1908021)"],"award-info":[{"award-number":["CNS-1916499, CNS-1850392, CNS-1703644, CNS-1651661, and OAC-1908021)"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["HR001118C0060, FA875019C0003"],"award-info":[{"award-number":["HR001118C0060, FA875019C0003"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,5,24]]},"DOI":"10.1145\/3433210.3453100","type":"proceedings-article","created":{"date-parts":[[2021,6,4]],"date-time":"2021-06-04T15:26:39Z","timestamp":1622820399000},"page":"407-420","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":32,"title":["Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem"],"prefix":"10.1145","author":[{"given":"Doowon","family":"Kim","sequence":"first","affiliation":[{"name":"University of Tennessee, Knoxville, Knoxville, TN, USA"}]},{"given":"Haehyun","family":"Cho","sequence":"additional","affiliation":[{"name":"Soongsil University, Seoul, South Korea"}]},{"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]},{"given":"Adam","family":"Doup\u00e9","sequence":"additional","affiliation":[{"name":"Arizona State University, Phoenix, AZ, USA"}]},{"given":"Sooel","family":"Son","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, South Korea"}]},{"given":"Gail-Joon","family":"Ahn","sequence":"additional","affiliation":[{"name":"Arizona State University & Samsung Research, Phoenix, AZ, USA"}]},{"given":"Tudor","family":"Dumitras","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, College Park, MD, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,6,4]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"crossref","unstructured":"1987. Domain names - implementation and specification. RFC 1035. https:\/\/doi.org\/10.17487\/RFC1035  1987. Domain names - implementation and specification. RFC 1035. https:\/\/doi.org\/10.17487\/RFC1035","DOI":"10.17487\/rfc1035"},{"key":"e_1_3_2_2_2_1","unstructured":"(Accessed on 10\/12\/2020). GitHub - elceef\/dnstwist: Domain name permutation engine for detecting homograph phishing attacks typo squatting and brand impersonation. https:\/\/github.com\/elceef\/dnstwist.  (Accessed on 10\/12\/2020). GitHub - elceef\/dnstwist: Domain name permutation engine for detecting homograph phishing attacks typo squatting and brand impersonation. https:\/\/github.com\/elceef\/dnstwist."},{"key":"e_1_3_2_2_3_1","unstructured":"(Accessed on 10\/12\/2020). RFC 2119: Key words for use in RFCs to Indicate Requirement Levels. https:\/\/tools.ietf.org\/html\/rfc2119.  (Accessed on 10\/12\/2020). RFC 2119: Key words for use in RFCs to Indicate Requirement Levels. https:\/\/tools.ietf.org\/html\/rfc2119."},{"key":"e_1_3_2_2_4_1","unstructured":"(Accessed on 10\/14\/2020). Alexa - Top sites. https:\/\/www.alexa.com\/topsites.  (Accessed on 10\/14\/2020). Alexa - Top sites. https:\/\/www.alexa.com\/topsites."},{"key":"e_1_3_2_2_5_1","unstructured":"(Accessed on 10\/14\/2020). Cisco Umbrella 1 Million - Cisco Umbrella. https:\/\/umbrella.cisco.com\/blog\/cisco-umbrella-1-million.  (Accessed on 10\/14\/2020). Cisco Umbrella 1 Million - Cisco Umbrella. https:\/\/umbrella.cisco.com\/blog\/cisco-umbrella-1-million."},{"key":"e_1_3_2_2_6_1","unstructured":"(Accessed on 10\/15\/2020). Anti-Phishing Working Group. https:\/\/apwg.org.  (Accessed on 10\/15\/2020). Anti-Phishing Working Group. https:\/\/apwg.org."},{"key":"e_1_3_2_2_7_1","unstructured":"(Accessed on 10\/15\/2020). Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. https:\/\/cabforum.org\/baseline-requirements-documents\/.  (Accessed on 10\/15\/2020). Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. https:\/\/cabforum.org\/baseline-requirements-documents\/."},{"key":"e_1_3_2_2_8_1","unstructured":"(Accessed on 10\/15\/2020). Certificate Revocation Lists: Certificates Revoked per Day. https:\/\/isc.sans.edu\/crls.html.  (Accessed on 10\/15\/2020). Certificate Revocation Lists: Certificates Revoked per Day. https:\/\/isc.sans.edu\/crls.html."},{"key":"e_1_3_2_2_9_1","unstructured":"(Accessed on 10\/15\/2020). Comodo Certification Practice Statement. https:\/\/sectigo.com\/uploads\/files\/Sectigo-CPS-v5.1.1.pdf.  (Accessed on 10\/15\/2020). Comodo Certification Practice Statement. https:\/\/sectigo.com\/uploads\/files\/Sectigo-CPS-v5.1.1.pdf."},{"key":"e_1_3_2_2_10_1","volume-title":"DigiCert: Certification Practices Statement-Version 5.4,September 29","author":"Accessed","year":"2020","unstructured":"( Accessed on 10\/15\/2020). DigiCert: Certification Practices Statement-Version 5.4,September 29 , 2020 ). https:\/\/www.digicert.com\/wp-content\/uploads\/2020\/09\/DigiCert-CPS-V.5.4.pdf . (Accessed on 10\/15\/2020). DigiCert: Certification Practices Statement-Version 5.4,September 29, 2020). https:\/\/www.digicert.com\/wp-content\/uploads\/2020\/09\/DigiCert-CPS-V.5.4.pdf ."},{"key":"e_1_3_2_2_11_1","unstructured":"(Accessed on 10\/15\/2020). DigiNotar SSL certificate hack amounts to cyberwar says expert. https:\/\/www.theguardian.com\/technology\/2011\/sep\/05\/diginotar-certificate-hack-cyberwar.  (Accessed on 10\/15\/2020). DigiNotar SSL certificate hack amounts to cyberwar says expert. https:\/\/www.theguardian.com\/technology\/2011\/sep\/05\/diginotar-certificate-hack-cyberwar."},{"key":"e_1_3_2_2_12_1","unstructured":"(Accessed on 10\/15\/2020). GlobalSign Certification Practice Statement. https:\/\/www.globalsign.com\/en\/repository\/GlobalSign_CPS_v9.2_final.pdf.  (Accessed on 10\/15\/2020). GlobalSign Certification Practice Statement. https:\/\/www.globalsign.com\/en\/repository\/GlobalSign_CPS_v9.2_final.pdf."},{"key":"e_1_3_2_2_13_1","volume-title":"Sept. 30","author":"Accessed","year":"2020","unstructured":"( Accessed on 10\/15\/2020). Go Daddy Certificate Policy and Certification Practice Statement (CP\/CPS) -- Version 4.8 , Sept. 30 , 2020 . https:\/\/certs.godaddy.com\/repository. (Accessed on 10\/15\/2020). Go Daddy Certificate Policy and Certification Practice Statement (CP\/CPS) -- Version 4.8, Sept. 30, 2020. https:\/\/certs.godaddy.com\/repository."},{"key":"e_1_3_2_2_14_1","unstructured":"(Accessed on 10\/15\/2020). HEARTBLEED UPDATE (V3). https:\/\/blogs.akamai.com\/2014\/04\/heartbleed-update-v3.html.  (Accessed on 10\/15\/2020). HEARTBLEED UPDATE (V3). https:\/\/blogs.akamai.com\/2014\/04\/heartbleed-update-v3.html."},{"key":"e_1_3_2_2_15_1","unstructured":"(Accessed on 10\/15\/2020). Internet Crime Complaint Center (IC3) | Cyber Actors Exploit 'Secure' Websites In Phishing Campaigns. https:\/\/www.ic3.gov\/Media\/Y2019\/PSA190610.  (Accessed on 10\/15\/2020). Internet Crime Complaint Center (IC3) | Cyber Actors Exploit 'Secure' Websites In Phishing Campaigns. https:\/\/www.ic3.gov\/Media\/Y2019\/PSA190610."},{"key":"e_1_3_2_2_16_1","unstructured":"(Accessed on 10\/15\/2020). Internet Security Research Group (ISRG) Certification Practice Statement-v2.9. https:\/\/letsencrypt.org\/documents\/isrg-cps-v2.9\/.  (Accessed on 10\/15\/2020). Internet Security Research Group (ISRG) Certification Practice Statement-v2.9. https:\/\/letsencrypt.org\/documents\/isrg-cps-v2.9\/."},{"key":"e_1_3_2_2_17_1","unstructured":"(Accessed on 10\/15\/2020). Majestic Million - Majestic. https:\/\/majestic.com\/reports\/majestic-million.  (Accessed on 10\/15\/2020). Majestic Million - Majestic. https:\/\/majestic.com\/reports\/majestic-million."},{"key":"e_1_3_2_2_18_1","unstructured":"(Accessed on 10\/15\/2020). More Than Half of Phishing Sites Now Use HTTPS. https:\/\/info.phishlabs.com\/blog\/more-than-half-of-phishing-sites-use-https.  (Accessed on 10\/15\/2020). More Than Half of Phishing Sites Now Use HTTPS. https:\/\/info.phishlabs.com\/blog\/more-than-half-of-phishing-sites-use-https."},{"key":"e_1_3_2_2_19_1","unstructured":"(Accessed on 10\/15\/2020). Phishing Schemes Are Using HTTPS Encrypted Sites to Seem Legit | WIRED. https:\/\/www.wired.com\/story\/phishing-schemes-use-encrypted-sites-to-seem-legit\/.  (Accessed on 10\/15\/2020). Phishing Schemes Are Using HTTPS Encrypted Sites to Seem Legit | WIRED. https:\/\/www.wired.com\/story\/phishing-schemes-use-encrypted-sites-to-seem-legit\/."},{"key":"e_1_3_2_2_20_1","unstructured":"(Accessed on 10\/15\/2020). The Results of the Cloud Flare Challenge. https:\/\/blog.cloudflare.com\/the-results-of-the-cloudflare-challenge.  (Accessed on 10\/15\/2020). The Results of the Cloud Flare Challenge. https:\/\/blog.cloudflare.com\/the-results-of-the-cloudflare-challenge."},{"issue":"2","key":"e_1_3_2_2_21_1","first-page":"30","article-title":")","volume":"5","author":"Accessed","year":"2020","unstructured":"( Accessed on 10\/15\/ 2020 ) . Sectigo Certification Practice Statement-CPS Version 5 . 2 .2, September 30 , 2020. https:\/\/sectigo.com\/uploads\/files\/Sectigo-CPS-v5_2_2.pdf . (Accessed on 10\/15\/2020). Sectigo Certification Practice Statement-CPS Version 5.2.2, September 30, 2020. https:\/\/sectigo.com\/uploads\/files\/Sectigo-CPS-v5_2_2.pdf .","journal-title":"Sectigo Certification Practice Statement-CPS Version"},{"key":"e_1_3_2_2_22_1","unstructured":"(Accessed on 10\/16\/2020). VirusTotal. https:\/\/www.virustotal.com\/gui\/.  (Accessed on 10\/16\/2020). VirusTotal. https:\/\/www.virustotal.com\/gui\/."},{"key":"e_1_3_2_2_24_1","unstructured":"(accessed September 14 2020). APWG eCrime Exchange. https:\/\/apwg.org\/ecx\/.  (accessed September 14 2020). APWG eCrime Exchange. https:\/\/apwg.org\/ecx\/."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363192"},{"key":"e_1_3_2_2_26_1","volume-title":"Proceedings of the 22nd Network and Distributed System Security Symposium(NDSS","author":"Agten Pieter","year":"2015","unstructured":"Pieter Agten , Wouter Joosen , Frank Piessens , and Nick Nikiforakis . 2015 . Seven months' worth of mistakes: A longitudinal study of typo squatting abuse . In Proceedings of the 22nd Network and Distributed System Security Symposium(NDSS 2015). Internet Society. Pieter Agten, Wouter Joosen, Frank Piessens, and Nick Nikiforakis. 2015. Seven months' worth of mistakes: A longitudinal study of typo squatting abuse. In Proceedings of the 22nd Network and Distributed System Security Symposium(NDSS 2015). Internet Society."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"crossref","unstructured":"R. Barnes J. Hoffman-Andrews D. McCarney and J. Kasten. 2019. Automatic Certificate Management Environment (ACME). RFC 8555. RFC Editor.  R. Barnes J. Hoffman-Andrews D. McCarney and J. Kasten. 2019. Automatic Certificate Management Environment (ACME). RFC 8555. RFC Editor.","DOI":"10.17487\/RFC8555"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"crossref","unstructured":"D. Cooper S. Santesson S. Farrell S. Boeyen R. Housley and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List(CRL) Profile. RFC 5280. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc5280.txt http:\/\/www.rfc-editor.org\/rfc\/rfc5280.txt.  D. Cooper S. Santesson S. Farrell S. Boeyen R. Housley and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List(CRL) Profile. RFC 5280. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc5280.txt http:\/\/www.rfc-editor.org\/rfc\/rfc5280.txt.","DOI":"10.17487\/rfc5280"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s001459900030"},{"key":"e_1_3_2_2_30_1","volume-title":"Proceedings of the 2013 Conference on Internet Measurement Conference (IMC '13)","author":"Durumeric Zakir","unstructured":"Zakir Durumeric , James Kasten , Michael Bailey , and J. Alex Halderman . 2013. Analysis of the HTTPS Certificate Ecosystem . In Proceedings of the 2013 Conference on Internet Measurement Conference (IMC '13) . New York, NY, USA, 291--304. Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman. 2013. Analysis of the HTTPS Certificate Ecosystem. In Proceedings of the 2013 Conference on Internet Measurement Conference (IMC '13). New York, NY, USA, 291--304."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_2_32_1","volume-title":"12th Symposium on Usable Privacy and Security (SOUPS '16)","author":"Felt Adrienne Porter","year":"2016","unstructured":"Adrienne Porter Felt , Robert W Reeder , Alex Ainslie , Helen Harris , Max Walker , Christopher Thompson , Mustafa Embre Acer , Elisabeth Morant , and Sunny Consolvo . 2016 . Rethinking connection security indicators . In 12th Symposium on Usable Privacy and Security (SOUPS '16) . 1--14. Adrienne Porter Felt, Robert W Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Embre Acer, Elisabeth Morant, and Sunny Consolvo. 2016. Rethinking connection security indicators. In 12th Symposium on Usable Privacy and Security (SOUPS '16). 1--14."},{"key":"e_1_3_2_2_33_1","unstructured":"Google. (Accessed on 10\/15\/2020). Google Safe Browsing -- Google Transparency Report. https:\/\/transparencyreport.google.com\/safe-browsing\/overview?hl=en.  Google. (Accessed on 10\/15\/2020). Google Safe Browsing -- Google Transparency Report. https:\/\/transparencyreport.google.com\/safe-browsing\/overview?hl=en."},{"key":"e_1_3_2_2_34_1","volume-title":"Proceedings of the Annual Conference on USENIX '06 Annual Technical Conference (ATEC '06)","author":"Holgers Tobias","unstructured":"Tobias Holgers , David E. Watson , and Steven D. Gribble . 2006. Cutting Through the Confusion: A Measurement Study of Homograph Attacks . In Proceedings of the Annual Conference on USENIX '06 Annual Technical Conference (ATEC '06) . USENIX Association, Berkeley, CA, USA, 24--24. Tobias Holgers, David E. Watson, and Steven D. Gribble. 2006. Cutting Through the Confusion: A Measurement Study of Homograph Attacks. In Proceedings of the Annual Conference on USENIX '06 Annual Technical Conference (ATEC '06). USENIX Association, Berkeley, CA, USA, 24--24."},{"key":"e_1_3_2_2_35_1","volume-title":"The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI. In27th USENIX Security Symposium (USENIX Security 18)","author":"Kim Doowon","year":"2018","unstructured":"Doowon Kim , Bum Jun Kwon , Kristi\u00e1n Koz\u00e1k , Christopher Gates , and Tudor Dumitras . 2018 . The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI. In27th USENIX Security Symposium (USENIX Security 18) . USENIX Association, Baltimore, MD, 851--868. Doowon Kim, Bum Jun Kwon, Kristi\u00e1n Koz\u00e1k, Christopher Gates, and Tudor Dumitras. 2018. The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI. In27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 851--868."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134002"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134002"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"crossref","unstructured":"Katharina Krombholz Karoline Busse Katharina Pfeffer Matthew Smith and Emanuel von Zezschwitz. 2019. \"If HTTPS Were Secure I Wouldn't Need 2FA\"-End User and Administrator Mental Models of HTTPS. IEEE Security & Privacy(2019).  Katharina Krombholz Karoline Busse Katharina Pfeffer Matthew Smith and Emanuel von Zezschwitz. 2019. \"If HTTPS Were Secure I Wouldn't Need 2FA\"-End User and Administrator Mental Models of HTTPS. IEEE Security & Privacy(2019).","DOI":"10.1109\/SP.2019.00060"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00015"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"crossref","unstructured":"B. Laurie A. Langley and E. Kasper. 2013.Certificate Transparency. RFC 6962. RFC Editor.  B. Laurie A. Langley and E. Kasper. 2013.Certificate Transparency. RFC 6962. RFC Editor.","DOI":"10.17487\/rfc6962"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815685"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"crossref","unstructured":"M. Lochter and J. Merkle. 2010. Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation. RFC 5639. RFC Editor.  M. Lochter and J. Merkle. 2010. Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation. RFC 5639. RFC Editor.","DOI":"10.17487\/rfc5639"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.5555\/3359012.3359021"},{"key":"e_1_3_2_2_44_1","unstructured":"Trend Micro. 2019. Security News: HTTPS Protocol Now Used in 58% of Phishing Websites. https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/cybercrime-and-digital-threats\/https-protocol-now-used-in-58-of-phishing-websites. (Accessed on 10\/15\/2020).  Trend Micro. 2019. Security News: HTTPS Protocol Now Used in 58% of Phishing Websites. https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/cybercrime-and-digital-threats\/https-protocol-now-used-in-58-of-phishing-websites. (Accessed on 10\/15\/2020)."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1299015.1299016"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488474"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00049"},{"key":"e_1_3_2_2_48_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security 20)","author":"Oest Adam","year":"2020","unstructured":"Adam Oest , Penghui Zhang , Brad Wardman , Eric Nunes , Jakub Burgis , Ali Zand , Kurt Thomas , Adam Doup\u00e9 , and Gail-Joon Ahn . 2020 . Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale . In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20) . Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. 2020. Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale. In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20)."},{"key":"e_1_3_2_2_49_1","unstructured":"Federal Bureau of Investigation. (Accessed on 10\/14\/2020). 2019 Internet Crime Report. https:\/\/pdf.ic3.gov\/2019_IC3Report.pdf.  Federal Bureau of Investigation. (Accessed on 10\/14\/2020). 2019 Internet Crime Report. https:\/\/pdf.ic3.gov\/2019_IC3Report.pdf."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329818"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363188"},{"key":"e_1_3_2_2_52_1","volume-title":"13th Symposium on Usable Privacy and Security (SOUPS '17)","author":"Ruoti Scott","year":"2017","unstructured":"Scott Ruoti , Tyler Monson , Justin Wu , Daniel Zappala , and Kent Seamons . 2017 . Weighing context and trade-offs: How suburban adults selected their online security posture . In 13th Symposium on Usable Privacy and Security (SOUPS '17) . Scott Ruoti, Tyler Monson, Justin Wu, Daniel Zappala, and Kent Seamons. 2017.Weighing context and trade-offs: How suburban adults selected their online security posture. In 13th Symposium on Usable Privacy and Security (SOUPS '17)."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"crossref","unstructured":"S. Santesson M. Myers R. Ankney A. Malpani S. Galperin and C. Adams. 2013.X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc6960.txt http:\/\/www.rfc-editor.org\/rfc\/rfc6960.txt.  S. Santesson M. Myers R. Ankney A. Malpani S. Galperin and C. Adams. 2013.X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc6960.txt http:\/\/www.rfc-editor.org\/rfc\/rfc6960.txt.","DOI":"10.17487\/rfc6960"},{"key":"e_1_3_2_2_54_1","volume-title":"Proceedings of the Internet Measurement Conference","author":"Scheitle Quirin","year":"2018","unstructured":"Quirin Scheitle , Oliver Gasser , Theodor Nolte , Johanna Amann , Lexi Brent , Georg Carle , Ralph Holz , Thomas C Schmidt , and Matthias W\u00e4hlisch . 2018 . The rise of certificate transparency and its implications on the Internet ecosystem . In Proceedings of the Internet Measurement Conference 2018. 343--349. Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C Schmidt, and Matthias W\u00e4hlisch. 2018. The rise of certificate transparency and its implications on the Internet ecosystem. In Proceedings of the Internet Measurement Conference 2018. 343--349."},{"key":"e_1_3_2_2_55_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Thompson Christopher","year":"2019","unstructured":"Christopher Thompson , Martin Shelton , Emily Stark , Maximilian Walker , Emily Schechter , and Adrienne Porter Felt . 2019 . The web's identity crisis: under-standing the effectiveness of website identity indicators . In 28th USENIX Security Symposium (USENIX Security 19) . 1715--1732. Christopher Thompson, Martin Shelton, Emily Stark, Maximilian Walker, Emily Schechter, and Adrienne Porter Felt. 2019. The web's identity crisis: under-standing the effectiveness of website identity indicators. In 28th USENIX Security Symposium (USENIX Security 19). 1715--1732."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278569"},{"key":"e_1_3_2_2_57_1","volume-title":"Proceedings of the 2016 Internet Measurement Conference(IMC '16)","author":"Sloot Benjamin Vander","unstructured":"Benjamin Vander Sloot , Johanna Amann , Matthew Bernhard , Zakir Durumeric , Michael Bailey , and J Alex Halderman . [n.d.]. Towards a complete view of the certificate ecosystem . In Proceedings of the 2016 Internet Measurement Conference(IMC '16) . Benjamin Vander Sloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, and J Alex Halderman. [n.d.]. Towards a complete view of the certificate ecosystem. In Proceedings of the 2016 Internet Measurement Conference(IMC '16)."},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/18.54902"},{"key":"e_1_3_2_2_59_1","volume-title":"Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement (IMC '09)","author":"Yilek Scott","unstructured":"Scott Yilek , Eric Rescorla , Hovav Shacham , Brandon Enright , and Stefan Savage .2009. When Private Keys Are Public: Results from the 2008 Debian OpenSSL Vulnerability . In Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement (IMC '09) . ACM, New York, NY, USA, 15--27. Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon Enright, and Stefan Savage.2009. When Private Keys Are Public: Results from the 2008 Debian OpenSSL Vulnerability. In Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement (IMC '09). ACM, New York, NY, USA, 15--27."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663758"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00021"}],"event":{"name":"ASIA CCS '21: ACM Asia Conference on Computer and Communications Security","location":"Virtual Event Hong Kong","acronym":"ASIA CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3453100","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3453100","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3453100","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:12Z","timestamp":1750193292000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3453100"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,24]]},"references-count":60,"alternative-id":["10.1145\/3433210.3453100","10.1145\/3433210"],"URL":"https:\/\/doi.org\/10.1145\/3433210.3453100","relation":{},"subject":[],"published":{"date-parts":[[2021,5,24]]},"assertion":[{"value":"2021-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}