{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:08:06Z","timestamp":1771330086597,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":113,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,2]],"date-time":"2021-11-02T00:00:00Z","timestamp":1635811200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,2]]},"DOI":"10.1145\/3487552.3487813","type":"proceedings-article","created":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T17:35:11Z","timestamp":1635788111000},"page":"179-194","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Tracing your roots"],"prefix":"10.1145","author":[{"given":"Zane","family":"Ma","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology"}]},{"given":"James","family":"Austgen","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Joshua","family":"Mason","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Zakir","family":"Durumeric","sequence":"additional","affiliation":[{"name":"Stanford University"}]},{"given":"Michael","family":"Bailey","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]}],"member":"320","published-online":{"date-parts":[[2021,11,2]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. About the security partial trust allow list. https:\/\/support.apple.com\/en-gb\/HT204938."},{"key":"e_1_3_2_1_2_1","unstructured":"[n.d.]. Add 2 new SECOM root certificates. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1313982."},{"key":"e_1_3_2_1_3_1","unstructured":"[n.d.]. Add Asseco DS \/ Certum root certificates. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1598577."},{"key":"e_1_3_2_1_4_1","unstructured":"[n.d.]. Add Autoridad de Certificacion Raiz del Estado Venezolano root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1302431."},{"key":"e_1_3_2_1_5_1","unstructured":"[n.d.]. Add CA Root certificate (Brazil's National PKI). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=438825."},{"key":"e_1_3_2_1_6_1","unstructured":"[n.d.]. Add Chunghwa Telecom's HiPKI Root CA -G1 Certificate to NSS. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1563417."},{"key":"e_1_3_2_1_7_1","unstructured":"[n.d.]. Add Cisco Root CA Cert. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=416842."},{"key":"e_1_3_2_1_8_1","unstructured":"[n.d.]. Add D-TRUST Root CA 3 2013 to NSS. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1348132."},{"key":"e_1_3_2_1_9_1","unstructured":"[n.d.]. Add DigiCert non-TLS Intermediate Certs to OneCRL. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1404501."},{"key":"e_1_3_2_1_10_1","unstructured":"[n.d.]. Add Digidentity Service Root Certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1558450."},{"key":"e_1_3_2_1_11_1","unstructured":"[n.d.]. Add e-commerce monitoring's GLOBALTRUST 2020 root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1627552."},{"key":"e_1_3_2_1_12_1","unstructured":"[n.d.]. Add \"Fina Root CA\" root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1449941."},{"key":"e_1_3_2_1_13_1","unstructured":"[n.d.]. add Finnish Population Register Centre's Root CA Certificates. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=463989."},{"key":"e_1_3_2_1_14_1","volume-title":"Add GLOBALTRUST 2015 root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1440271","unstructured":"[n.d.]. Add GLOBALTRUST 2015 root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1440271."},{"key":"e_1_3_2_1_15_1","unstructured":"[n.d.]. Add MOI GPKI Root CA certificate(s). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1226100."},{"key":"e_1_3_2_1_16_1","unstructured":"[n.d.]. Add MULTICERT Root Certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1040072."},{"key":"e_1_3_2_1_17_1","unstructured":"[n.d.]. Add OATI's Root CA Certificate to Mozilla's trusted root list. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=848766."},{"key":"e_1_3_2_1_18_1","unstructured":"[n.d.]. Add PostSignum root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=643398."},{"key":"e_1_3_2_1_19_1","unstructured":"[n.d.]. Add PostSignum Root QCA 4 to Root Store. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1602415."},{"key":"e_1_3_2_1_20_1","unstructured":"[n.d.]. Add Renewed AC Camerfirma root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=986854."},{"key":"e_1_3_2_1_21_1","unstructured":"[n.d.]. Add Renewed ACEDICOM root certificate(s). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1239329."},{"key":"e_1_3_2_1_22_1","unstructured":"[n.d.]. Add Symantec-brand Class 1 and Class 2 roots. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=833986."},{"key":"e_1_3_2_1_23_1","unstructured":"[n.d.]. Add Telia CA root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1664161."},{"key":"e_1_3_2_1_24_1","unstructured":"[n.d.]. Add TunRootCA2 root certificate(s). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1233645."},{"key":"e_1_3_2_1_25_1","unstructured":"[n.d.]. Add TunTrust Root CA root certificate. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1587779."},{"key":"e_1_3_2_1_26_1","unstructured":"[n.d.]. Android ca-certificates. https:\/\/android.googlesource.com\/platform\/system\/ca-certificates."},{"key":"e_1_3_2_1_27_1","unstructured":"[n.d.]. BearSSL. https:\/\/bearssl.org\/."},{"key":"e_1_3_2_1_28_1","unstructured":"[n.d.]. BoringSSL. https:\/\/boringssl.googlesource.com\/boringssl\/."},{"key":"e_1_3_2_1_29_1","unstructured":"[n.d.]. Botan: Crypto and TLS for Modern C++. https:\/\/github.com\/randombit\/botan."},{"key":"e_1_3_2_1_30_1","unstructured":"[n.d.]. Bouncy Castle. http:\/\/git.bouncycastle.org\/index.html."},{"key":"e_1_3_2_1_31_1","unstructured":"[n.d.]. ca-certificates: Removal of GeoTrust Global CA requires investigation. https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=962596."},{"key":"e_1_3_2_1_32_1","unstructured":"[n.d.]. ca-certificates should remove Symantec certs. https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=911289."},{"key":"e_1_3_2_1_33_1","unstructured":"[n.d.]. CA\/Additional Trust Changes. https:\/\/wiki.mozilla.org\/CA\/Additional_Trust_Changes."},{"key":"e_1_3_2_1_34_1","unstructured":"[n.d.]. CA:Camerfirma Issues. https:\/\/wiki.mozilla.org\/CA:Camerfirma_Issues."},{"key":"e_1_3_2_1_35_1","unstructured":"[n.d.]. CAcert root cert inclusion into browser. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=215243."},{"key":"e_1_3_2_1_36_1","unstructured":"[n.d.]. CA\/Certinomis Issues. https:\/\/wiki.mozilla.org\/CA\/Certinomis_Issues."},{"key":"e_1_3_2_1_37_1","unstructured":"[n.d.]. CA\/Certinomis Issues. https:\/\/wiki.mozilla.org\/CA\/Certinomis_Issues."},{"key":"e_1_3_2_1_38_1","unstructured":"[n.d.]. CA:PROCERT Issues. https:\/\/wiki.mozilla.org\/CA:PROCERT_Issues."},{"key":"e_1_3_2_1_39_1","unstructured":"[n.d.]. CA:Symantec Issues. https:\/\/wiki.mozilla.org\/CA:Symantec_Issues."},{"key":"e_1_3_2_1_40_1","unstructured":"[n.d.]. CA:WoSign Issues. https:\/\/wiki.mozilla.org\/CA:WoSign_Issues."},{"key":"e_1_3_2_1_41_1","unstructured":"[n.d.]. Chrome Root Program. https:\/\/www.chromium.org\/Home\/chromium-security\/root-ca-policy."},{"key":"e_1_3_2_1_42_1","unstructured":"[n.d.]. CNNIC Action Items. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1177209."},{"key":"e_1_3_2_1_43_1","unstructured":"[n.d.]. cryptlib. https:\/\/www.cs.auckland.ac.nz\/~pgut001\/cryptlib\/."},{"key":"e_1_3_2_1_44_1","unstructured":"[n.d.]. crypto: add deprecated ValiCert CA for cross cert. https:\/\/github.com\/nodejs\/node\/pull\/1135."},{"key":"e_1_3_2_1_45_1","unstructured":"[n.d.]. Debian ca-certificates. https:\/\/salsa.debian.org\/debian\/ca-certificates."},{"key":"e_1_3_2_1_46_1","unstructured":"[n.d.]. Docker hub: alpine. https:\/\/hub.docker.com\/_\/alpine\/."},{"key":"e_1_3_2_1_47_1","unstructured":"[n.d.]. Docker hub: amazonlinux. https:\/\/hub.docker.com\/_\/amazonlinux."},{"key":"e_1_3_2_1_48_1","unstructured":"[n.d.]. Erlang OTP SSL. https:\/\/github.com\/erlang\/otp\/tree\/master\/lib\/ssl."},{"key":"e_1_3_2_1_49_1","unstructured":"[n.d.]. GnuTLS. https:\/\/gitlab.com\/gnutls\/gnutls\/blob\/master\/README.md."},{"key":"e_1_3_2_1_50_1","unstructured":"[n.d.]. Google Groups: dev-security-policy@mozilla.org. https:\/\/groups.google.com\/a\/mozilla.org\/g\/dev-security-policy."},{"key":"e_1_3_2_1_51_1","unstructured":"[n.d.]. Google Groups: mozilla.dev.security.policy. https:\/\/groups.google.com\/g\/mozilla.dev.security.policy."},{"key":"e_1_3_2_1_52_1","unstructured":"[n.d.]. Java SE CA Root Certificate Program. https:\/\/www.oracle.com\/java\/technologies\/javase\/carootcertsprogram.html."},{"key":"e_1_3_2_1_53_1","unstructured":"[n.d.]. LibreSSL libtls. https:\/\/cvsweb.openbsd.org\/src\/lib\/libtls\/."},{"key":"e_1_3_2_1_54_1","unstructured":"[n.d.]. MatrixSSL. https:\/\/github.com\/matrixssl\/matrixssl."},{"key":"e_1_3_2_1_55_1","unstructured":"[n.d.]. Mbed TLS. https:\/\/github.com\/ARMmbed\/mbedtls."},{"key":"e_1_3_2_1_56_1","unstructured":"[n.d.]. Microsec new (ECC) Root Inclusion Request. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1445364."},{"key":"e_1_3_2_1_57_1","unstructured":"[n.d.]. Mozilla CA\/FAQ. https:\/\/wiki.mozilla.org\/CA\/FAQ."},{"key":"e_1_3_2_1_58_1","unstructured":"[n.d.]. Network Security Services (NSS). https:\/\/hg.mozilla.org\/projects\/nss."},{"key":"e_1_3_2_1_59_1","unstructured":"[n.d.]. NodeJS. https:\/\/github.com\/nodejs\/node."},{"key":"e_1_3_2_1_60_1","unstructured":"[n.d.]. OkHttp. https:\/\/github.com\/square\/okhttp."},{"key":"e_1_3_2_1_61_1","unstructured":"[n.d.]. OpenJDK. http:\/\/hg.openjdk.java.net\/."},{"key":"e_1_3_2_1_62_1","unstructured":"[n.d.]. OpenJDK source. https:\/\/github.com\/openjdk\/."},{"key":"e_1_3_2_1_63_1","unstructured":"[n.d.]. OpenSSL. https:\/\/github.com\/openssl\/openssl."},{"key":"e_1_3_2_1_64_1","unstructured":"[n.d.]. Removed CA Certificate List. https:\/\/ccadb-public.secure.force.com\/mozilla\/RemovedCACertificateReport."},{"key":"e_1_3_2_1_65_1","unstructured":"[n.d.]. Review Request: ca-cacert.org - CAcert.org CA root certificates. https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=474549."},{"key":"e_1_3_2_1_66_1","unstructured":"[n.d.]. Root certificates used by Opera. https:\/\/web.archive.org\/web\/20150207210358\/http:\/\/www.opera.com\/docs\/ca\/."},{"key":"e_1_3_2_1_67_1","unstructured":"[n.d.]. RSA BSAFE. https:\/\/community.rsa.com\/community\/products\/bsafe."},{"key":"e_1_3_2_1_68_1","unstructured":"[n.d.]. s2n. https:\/\/github.com\/awslabs\/s2n."},{"key":"e_1_3_2_1_69_1","unstructured":"[n.d.]. Secure Transport. https:\/\/opensource.apple.com\/source\/Security\/."},{"key":"e_1_3_2_1_70_1","unstructured":"[n.d.]. Secure Transport. https:\/\/developer.apple.com\/documentation\/security\/secure_transport."},{"key":"e_1_3_2_1_71_1","unstructured":"[n.d.]. Super-CAs. https:\/\/wiki.mozilla.org\/CA\/Subordinate_CA_Checklist#Super-CAs."},{"key":"e_1_3_2_1_72_1","unstructured":"[n.d.]. Symantec root certs - Set CKA_NSS_SERVER_DISTRUST_AFTER. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1618404."},{"key":"e_1_3_2_1_73_1","unstructured":"[n.d.]. Ubuntu ca-certificates. https:\/\/launchpad.net\/ubuntu\/+source\/ca-certificates."},{"key":"e_1_3_2_1_74_1","unstructured":"[n.d.]. wolfSSL. https:\/\/github.com\/wolfSSL\/wolfssl."},{"key":"e_1_3_2_1_75_1","unstructured":"2005. Apple Root Certificate Program. https:\/\/web.archive.org\/web\/20050503225244\/http:\/\/www.apple.com\/certificateauthority\/ca_program.html."},{"key":"e_1_3_2_1_76_1","unstructured":"2010. Windows root certificate program members. https:\/\/web.archive.org\/web\/20110728002957\/http:\/\/support.microsoft.com\/kb\/931125."},{"key":"e_1_3_2_1_77_1","first-page":"2011","year":"2011","unstructured":"2011. Security Update 2011-005. https:\/\/support.apple.com\/kb\/dl1447.","journal-title":"Security Update"},{"key":"e_1_3_2_1_78_1","unstructured":"2015. The MCS Incident and Its Consequences for CNNIC. https:\/\/blog.mozilla.org\/security\/files\/2015\/04\/CNNIC-MCS.pdf."},{"key":"e_1_3_2_1_79_1","unstructured":"2018. Electron's chromium is trusting different CAs then Electron's NodeJS. https:\/\/github.com\/electron\/electron\/issues\/11741."},{"key":"e_1_3_2_1_80_1","unstructured":"2018. Implement the Symantec distrust plan from Bug 1409257. https:\/\/hg.mozilla.org\/mozreview\/gecko\/rev\/f6c9341fde050d7079a8934636644aaf54bde922."},{"key":"e_1_3_2_1_81_1","unstructured":"2018. Secure Channel. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/secauthn\/secure-channel."},{"key":"e_1_3_2_1_82_1","unstructured":"Heather Adkins. 2011. An update on attempted man-in-the-middle attacks. https:\/\/security.googleblog.com\/2011\/08\/update-on-attempted-man-in-middle.html."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523665"},{"key":"e_1_3_2_1_84_1","volume-title":"Bamboozling Certificate Authorities with BGP. In 27th USENIX Security Symposium (USENIX Security).","author":"Birge-Lee Henry","year":"2018","unstructured":"Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, and Prateek Mittal. 2018. Bamboozling Certificate Authorities with BGP. In 27th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/SocialCom.2013.90"},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987454"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.41"},{"key":"e_1_3_2_1_88_1","unstructured":"Jon Douglas. [n.d.]. Incident: NuGet Restore Issues on Debian Family Linux Distros. https:\/\/github.com\/NuGet\/Announcements\/issues\/49."},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_90_1","volume-title":"The Security Impact of HTTPS Interception. In Network & Distributed System Security Symposium (NDSS '17)","author":"Durumeric Zakir","year":"2017","unstructured":"Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson. 2017. The Security Impact of HTTPS Interception. In Network & Distributed System Security Symposium (NDSS '17)."},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423345"},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39884-1_28"},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131406"},{"key":"e_1_3_2_1_95_1","volume-title":"Characterizing the Root Landscape of Certificate Transparency Logs. In IFIP Networking Conference (Networking).","author":"Korzhitskii Nikita","year":"2020","unstructured":"Nikita Korzhitskii and Niklas Carlsson. 2020. Characterizing the Root Landscape of Certificate Transparency Logs. In IFIP Networking Conference (Networking)."},{"key":"e_1_3_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00015"},{"key":"e_1_3_2_1_97_1","doi-asserted-by":"crossref","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. https:\/\/rfc-editor.org\/rfc\/rfc6962.txt","DOI":"10.17487\/rfc6962"},{"key":"e_1_3_2_1_98_1","volume-title":"Exploring CA Certificate Control. In 30th USENIX Security Symposium (USENIX Security '21)","author":"Ma Zane","year":"2021","unstructured":"Zane Ma, Joshua Mason, Manos Antonakakis, Zakir Durumeric, and Michael Bailey. 2021. What's in a Name? Exploring CA Certificate Control. In 30th USENIX Security Symposium (USENIX Security '21)."},{"key":"e_1_3_2_1_99_1","unstructured":"Mozilla. [n.d.]. Common CA Database. https:\/\/www.ccadb.org\/."},{"key":"e_1_3_2_1_100_1","unstructured":"Mozilla. [n.d.]. WoSign and StartCom. https:\/\/docs.google.com\/document\/d\/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ\/edit."},{"key":"e_1_3_2_1_101_1","unstructured":"Johnathan Nightingale. 2011. DigiNotar Removal Follow Up. https:\/\/blog.mozilla.org\/security\/2011\/09\/02\/diginotar-removal-follow-up\/."},{"key":"e_1_3_2_1_102_1","unstructured":"Johnathan Nightingale. 2011. Fraudulent *.google.com Certificate. https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/."},{"key":"e_1_3_2_1_103_1","unstructured":"Devin O'Brien Ryan Sleevi and Andrew Whalley. [n.d.]. Chrome Plan to Distrust Symantec Certificates. https:\/\/security.googleblog.com\/2017\/09\/chromes-plan-to-distrust-symantec.html."},{"key":"e_1_3_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"e_1_3_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_20"},{"key":"e_1_3_2_1_106_1","unstructured":"Ryan Sleevi. [n.d.]. Announcing the Chrome Root Program. https:\/\/groups.google.com\/g\/mozilla.dev.security.policy\/c\/3Q36J4flnQs\/m\/VyWFiVwrBQAJ."},{"key":"e_1_3_2_1_107_1","unstructured":"Rob Stradling. [n.d.]. authroot.stl. https:\/\/github.com\/robstradling\/authroot.stl."},{"key":"e_1_3_2_1_108_1","unstructured":"Wayne Thayer. [n.d.]. DarkMatter Concerns. https:\/\/groups.google.com\/g\/mozilla.dev.security.policy\/c\/nnLVNfqgz7g\/m\/TseYqDzaDAAJ."},{"key":"e_1_3_2_1_109_1","doi-asserted-by":"publisher","DOI":"10.1145\/2674005.2675015"},{"key":"e_1_3_2_1_110_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987462"},{"key":"e_1_3_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196528"},{"key":"e_1_3_2_1_112_1","unstructured":"Ben Wilson. [n.d.]. Quantifying the Value of Adding a New CA. https:\/\/groups.google.com\/a\/mozilla.org\/g\/dev-security-policy\/c\/LT_5efOFsSU."},{"key":"e_1_3_2_1_113_1","unstructured":"Kathleen Wilson. 2016. https:\/\/blog.mozilla.org\/security\/2016\/10\/24\/distrusting-new-wosign-and-startcom-certificates\/."}],"event":{"name":"IMC '21: ACM Internet Measurement Conference","location":"Virtual Event","acronym":"IMC '21","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication","SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","USENIX Assoc USENIX Assoc"]},"container-title":["Proceedings of the 21st ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3487552.3487813","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3487552.3487813","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T17:24:21Z","timestamp":1765819461000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3487552.3487813"}},"subtitle":["exploring the TLS trust anchor ecosystem"],"short-title":[],"issued":{"date-parts":[[2021,11,2]]},"references-count":113,"alternative-id":["10.1145\/3487552.3487813","10.1145\/3487552"],"URL":"https:\/\/doi.org\/10.1145\/3487552.3487813","relation":{},"subject":[],"published":{"date-parts":[[2021,11,2]]},"assertion":[{"value":"2021-11-02","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}