{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T11:38:06Z","timestamp":1763811486153,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,30]],"date-time":"2024-07-30T00:00:00Z","timestamp":1722297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,30]]},"DOI":"10.1145\/3664476.3670900","type":"proceedings-article","created":{"date-parts":[[2024,7,25]],"date-time":"2024-07-25T12:35:50Z","timestamp":1721910950000},"page":"1-11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Article 45 of the eIDAS Directive Unveils the need to implement the X.509 4-cornered trust model for the WebPKI"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1611-2870","authenticated-orcid":false,"given":"Ahmad Samer","family":"Wazan","sequence":"first","affiliation":[{"name":"Zayed University, United Arab Emirates"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0943-6180","authenticated-orcid":false,"given":"Romain","family":"Laborde","sequence":"additional","affiliation":[{"name":"Universit\u00e9 Toulouse 3 Paul Sabatier, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8236-8690","authenticated-orcid":false,"given":"Abdelmalek","family":"Benzekri","sequence":"additional","affiliation":[{"name":"Universit\u00e9 Toulouse 3 Paul Sabatier, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-9062-025X","authenticated-orcid":false,"given":"Imran","family":"Taj","sequence":"additional","affiliation":[{"name":"Zayed University, United Arab Emirates"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7,30]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Risk, Uncertainty, and Profit","author":"Frank H.","year":"1921","unstructured":"[1] Frank H. Knight: Risk, Uncertainty, and Profit. Boston And New York Houghton Mifflin Company (1921)."},{"volume-title":"Thomas Howard: Toward a Contingency Model of Strategic Risk Taking","author":"Inga Skromme Baird","key":"e_1_3_2_1_2_1","unstructured":"[2] Inga Skromme Baird, Thomas Howard: Toward a Contingency Model of Strategic Risk Taking. The Academy of Management Review, vol. 10, no. 2, pp. 230\u201343 (1985). Last accessed 9 Sep. 2022."},{"key":"e_1_3_2_1_3_1","volume-title":"The Philosophy of Money","author":"Georg Simmel","year":"1978","unstructured":"[3] Georg Simmel: The Philosophy of Money. London: Routledge (1978)."},{"key":"e_1_3_2_1_4_1","volume-title":"Trust and Power. Translated from the German by Howard Davis","author":"Niklas Luhmann","year":"1979","unstructured":"[4] Niklas Luhmann: Trust and Power. Translated from the German by Howard Davis, John Raffan and Kathryn Rooney. Editors: Michael King, Christian Morgner. Wiley (1979)."},{"key":"e_1_3_2_1_5_1","unstructured":"[5] 4-cornered Trust model in X.509 https:\/\/www.itu.int\/rec\/T-REC-X.509-201910-I\/en."},{"key":"e_1_3_2_1_6_1","volume-title":"Guidelines for removing superfish","author":"Lenovo","year":"2015","unstructured":"[6] Lenovo, Guidelines for removing superfish (2015), https:\/\/support.lenovo.com\/fr\/en\/product_security\/ps500066"},{"key":"e_1_3_2_1_7_1","volume-title":"Dell edellroot","author":"Dell","year":"2015","unstructured":"[7] Dell, Dell edellroot (2015), https:\/\/blog.dell.com\/en-us\/response-to-concerns-regarding-edellroot-certificate. Last accessed 9 Sep. 2022"},{"key":"e_1_3_2_1_8_1","volume-title":"Program Requirements, https:\/\/technet.microsoft.com\/en-us\/library\/cc751157.aspx. Last accessed","author":"Microsoft Trusted Root Certificate","year":"2022","unstructured":"[8] Microsoft Trusted Root Certificate: Program Requirements, https:\/\/technet.microsoft.com\/en-us\/library\/cc751157.aspx. Last accessed 9 Sep. 2022"},{"key":"e_1_3_2_1_9_1","volume-title":"https:\/\/www.apple.com\/certificateauthority\/ca_program.html. Last accessed","author":"Apple Root Certificate Program","year":"2022","unstructured":"[9] Apple Root Certificate Program, https:\/\/www.apple.com\/certificateauthority\/ca_program.html. Last accessed 9 Sep. 2022"},{"key":"e_1_3_2_1_10_1","unstructured":"[10] Mozilla\u2019s CA Certificate Program https:\/\/wiki.mozilla.org\/CA."},{"key":"e_1_3_2_1_11_1","volume-title":"Eddie Billoir","author":"Ahmad S.","year":"2020","unstructured":"[11] Ahmad S. Wazan, Romain Laborde, David W. Chadwick, R\u00e9mi Venant, Abdelmalek Benzekri, Eddie Billoir, Omar Alfandi: On the Validation of Web X.509 Certificates by TLS interception products. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 19, NO. 1 (2020)."},{"key":"e_1_3_2_1_12_1","volume-title":"WISE 2013","author":"Ahmad S.","year":"2013","unstructured":"[12] Ahmad S. Wazan, Romain Laborde, Fran\u00e7ois Barrere, Abdelmalek Benzekri, David W. Chadwick : PKI Interoperability: Still an Issue? A Solution in the X.509 Realm. In: WISE 2013. IFIP Advances in Information and Communication Technology, vol 406. Springer, Berlin, Heidelberg (2013)."},{"key":"e_1_3_2_1_13_1","unstructured":"[13] CabForum EV guidelines https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-EV-Guidelines-v1.7.6.pdf"},{"key":"e_1_3_2_1_14_1","volume-title":"Mustafa Kaiiali","author":"Ahmad S.","year":"2017","unstructured":"[14] Ahmad S. Wazan, Romain Laborde, David W. Chadwick, Francois Barrere, Abdelmalek Benzekri, Mustafa Kaiiali, Adib Habbal: Trust management for public key infrastructures: Implementing the X.509 trust broker. Security and Communication Networks, vol. 2017, Article ID 6907146, 23 pages (2017)."},{"key":"e_1_3_2_1_15_1","first-page":"342","volume-title":"ARES\u201907","author":"Suranjith Ariyapperuma J.","unstructured":"[15] Suranjith Ariyapperuma, Chris J. Mitchell: Security vulnerabilities in DNS and DNSSEC. In: ARES\u201907, pp. 335\u2013342. IEEE, Vienna, Austria (2007)."},{"key":"e_1_3_2_1_16_1","unstructured":"[16] eIDAS - The Ecosystem https:\/\/www.eid.as\/."},{"key":"e_1_3_2_1_17_1","volume-title":"Adrienne Porter Felt: The Web\u2019s Identity Crisis: Understanding the Effectiveness of Website Identity Indicators. In: USENIX Security Symposium","author":"Christopher Thompson","year":"2019","unstructured":"[17] Christopher Thompson, Martin Shelton, Emily Stark, Max Walker, Emily Schechter, Adrienne Porter Felt: The Web\u2019s Identity Crisis: Understanding the Effectiveness of Website Identity Indicators. In: USENIX Security Symposium, 2019."},{"key":"e_1_3_2_1_18_1","unstructured":"[18] Apple\u2019s Log list https:\/\/valid.apple.com\/ct\/log_list\/current_log_list.json."},{"key":"e_1_3_2_1_19_1","unstructured":"[19] Google\u2019s Log list (V3) https:\/\/www.gstatic.com\/ct\/log_list\/v3\/log_list.json"},{"key":"e_1_3_2_1_20_1","volume-title":"https:\/\/blog.mozilla.org\/netpolicy\/files\/2021\/11\/eIDAS-Position-paper-Mozilla-.pdf (November","author":"Mozilla position paper on the European Commission","year":"2021","unstructured":"[20] Mozilla position paper on the European Commission\u2019s legislative proposal to revise the eIDAS Regulation, https:\/\/blog.mozilla.org\/netpolicy\/files\/2021\/11\/eIDAS-Position-paper-Mozilla-.pdf (November 2021)."},{"key":"e_1_3_2_1_21_1","unstructured":"[21] Browser UI Security Indicators https:\/\/pkic.org\/uploads\/2017\/03\/CASC-Browser-UI-Security-Indicators.pdf."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367569"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6797"},{"key":"e_1_3_2_1_24_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-36326. Last accessed","author":"Example","year":"2022","unstructured":"[24] Example of SSL stripping attack, https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-36326. Last accessed 9 Sep. 2022"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213232.3213235"},{"key":"e_1_3_2_1_26_1","volume-title":"Sep. 7","author":"Browser Forum","year":"2017","unstructured":"[26] CA\/Browser Forum. Ballot 187. https:\/\/cabforum.org\/2017\/03\/ 08\/ballot-187-make-caa-checking-mandatory\/, Sep. 7, 2017."},{"key":"e_1_3_2_1_27_1","volume-title":"January, 2013.","author":"Hallam-Baker R.","year":"2013","unstructured":"[27] P. Hallam-Baker and R. Stradling (2013). RFC6844 \u2013 DNS Certification Authority Authorization (CAA) Resource Record, January, 2013."},{"key":"e_1_3_2_1_28_1","volume-title":"Dec. 22, 2008.","author":"Nigg","year":"2008","unstructured":"[28] E. Nigg (2008). Unbelievable! https:\/\/groups.google.com\/d\/msgmozilla.dev.tech.cryptonAzIKSBEh78\/7GEZ4f57F-cJ, Dec. 22, 2008."},{"key":"e_1_3_2_1_29_1","volume-title":"Aug. 25, 2008.","author":"Zusman","year":"2008","unstructured":"[29] M. Zusman (2008). Domain validated SSL certificates. http:\/\/schmoil. blogspot.de\/2008\/08\/domain-validated-ssl-certificates.html, Aug. 25, 2008."},{"key":"e_1_3_2_1_30_1","volume-title":"Oct.","author":"Hallam-Baker R.","year":"2010","unstructured":"[30] P. Hallam-Baker, R. Stradling, and B. Laurie (2010). DNS Certification Authority Authorization (CAA) Resource Record. https: \/\/datatracker.ietf.org\/doc\/draft-hallambaker-donotissue\/, Oct. 2010."},{"key":"e_1_3_2_1_31_1","volume-title":"RPKI - The required cryptographic upgrade to BGP routing. https:\/\/blog.cloudflare.com\/rpki\/","author":"Martin J","year":"2018","unstructured":"[31]Martin J Levy (2018). RPKI - The required cryptographic upgrade to BGP routing. https:\/\/blog.cloudflare.com\/rpki\/"},{"key":"e_1_3_2_1_32_1","volume-title":"Public key pinning extension for http. RFC","author":"Evans C.","year":"2015","unstructured":"[32] C. Evans, C. Palmer, and R. Sleevi (2015). Public key pinning extension for http. RFC 7469, Apr. 2015. https:\/\/www.ietf.org\/rfc\/rfc7469.txt"},{"key":"e_1_3_2_1_33_1","volume-title":"November 30, 2011. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-websec-key-pinning-00","author":"Evans C.","year":"2011","unstructured":"[33] C. Evans, C. Palmer (2011). Public Key Pinning Extension for HTTP draft-ietf-websec-key-pinning-00. draft RFC, November 30, 2011. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-websec-key-pinning-00"},{"key":"e_1_3_2_1_34_1","first-page":"59","volume":"25","author":"Bratspies R. M.","year":"2018","unstructured":"[34] Bratspies, R. M. (n.d.) (2018). Cryptocurrency and the Myth of the Trustless Transaction. 25, 59.","journal-title":"Cryptocurrency and the Myth of the Trustless Transaction."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.techsoc.2020.101284\/"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1086\/292745"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/355112.355120"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1140\/epjb\/e2003-00095-5"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1126\/science.1070120"},{"key":"e_1_3_2_1_40_1","volume-title":"Semantic Constraints for Trust Transitivity. 10","author":"J\u00f8sang A.","year":"2005","unstructured":"[40] J\u00f8sang, A., & Pope, S. (n.d.) (2005). Semantic Constraints for Trust Transitivity. 10."},{"key":"e_1_3_2_1_41_1","volume-title":"Is HTTP Public Key Pinning Dead?. https:\/\/blog.qualys.com\/product-tech\/2016\/09\/06\/is-http-public-key-pinning-dead","author":"Ivan Ristic","year":"2016","unstructured":"[41] Ivan Ristic (2016). Is HTTP Public Key Pinning Dead?. https:\/\/blog.qualys.com\/product-tech\/2016\/09\/06\/is-http-public-key-pinning-dead"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1142\/9789814447614_0006"},{"key":"e_1_3_2_1_43_1","volume-title":"NIST","author":"Hanna J.","year":"2004","unstructured":"[43] S. R. Hanna and J. Pawluk, Identifying and Overcoming Obstacles to PKI Deployment and Usage, in 3rd Annual PKI R&D Workshop, NIST, Gaithersburg, MD, 2004."},{"key":"e_1_3_2_1_44_1","volume-title":"Abdelmalek Benzekri and David W. Chadwick","author":"Ahmad Samer Wazan","year":"2013","unstructured":"[44] Ahmad Samer Wazan, Romain Laborde, Fransois Barrere, Abdelmalek Benzekri and David W. Chadwick (2013). PKI Interoperability: Still an Issue? A Solution in the X.509 Realm. In: IFIP International Federation for Information Processing."},{"key":"e_1_3_2_1_45_1","volume-title":"ARTICLE 45 WHERE WE ARE, AND POSSIBLE OUTCOMES WHERE ARE WE, AND HOW DID WE GET HERE? [PowerPoint presentation]. ENISA Trust Services Forum -","author":"Bailey C.","year":"2022","unstructured":"[45] Bailey, C. (2022, October 30). eIDAS 2, ARTICLE 45 WHERE WE ARE, AND POSSIBLE OUTCOMES WHERE ARE WE, AND HOW DID WE GET HERE? [PowerPoint presentation]. ENISA Trust Services Forum - 28 October 2022 - Berlin. https:\/\/www.enisa.europa.eu\/events\/trust-services-forum-ca-day-2022\/presentations\/chris-bailey-enisa-trust-services-forum-2022.pdf"},{"key":"e_1_3_2_1_46_1","unstructured":"[46]No Broken Browsers. (2023 October 17). Open letter to the European Commission on its eIDAS proposal. Jeremiah Lee. https:\/\/www.jeremiahlee.com\/posts\/2023-eu-eidas-feedback\/"},{"key":"e_1_3_2_1_47_1","unstructured":"[47] Chris Bailey (2022). eIDAS 2 ARTICLE 45 WHERE WE ARE AND POSSIBLE OUTCOMES. Accessible online 01\/01\/2024: https:\/\/www.enisa.europa.eu\/events\/trust-services-forum-ca-day-2022\/presentations\/chris-bailey-enisa-trust-services-forum-2022.pdf"},{"key":"e_1_3_2_1_48_1","volume-title":"A hard look at Certificate Transparency, Part I: Transparency Systems. Accessible online 01\/01\/2024:https:\/\/educatedguesswork.org\/posts\/transparency-part-1\/","author":"Eric Rescorla","year":"2023","unstructured":"[48] Eric Rescorla (2023). A hard look at Certificate Transparency, Part I: Transparency Systems. Accessible online 01\/01\/2024:https:\/\/educatedguesswork.org\/posts\/transparency-part-1\/"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","unstructured":"[49] D. Cooper S. Santesson S. Farrell S. Boeyen R. Housley W. Polk (2008 May). Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. https:\/\/www.ietf.org\/rfc\/rfc5280.txt","DOI":"10.17487\/rfc5280"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"crossref","unstructured":"[50] S. Santesson M. Myers R. Ankney A. Malpani S. Galperin C. Adams (2013 June). X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP Profile. https:\/\/datatracker.ietf.org\/doc\/html\/rfc6960","DOI":"10.17487\/rfc6960"},{"key":"e_1_3_2_1_51_1","volume-title":"Extension Definitions.\" RFC","author":"Eastlake","year":"2011","unstructured":"[51] D. Eastlake 3rd, J. Pan, A. Guttman. \"Transport Layer Security (TLS) Extensions: Extension Definitions.\" RFC 6066, April 2011. Available at: https:\/\/datatracker.ietf.org\/doc\/rfc6066\/."},{"key":"e_1_3_2_1_52_1","unstructured":"[52] C. Hartman D. Zhang K. Jaganathan. \"The Transport Layer Security (TLS) Multiple Certificate Status Request Extension.\" RFC 6961 June 2013. Available at: https:\/\/datatracker.ietf.org\/doc\/rfc6961\/."},{"key":"e_1_3_2_1_53_1","volume-title":"Revocation Statuses on the Internet (arXiv:2102.04288). arXiv","author":"Korzhitskii N.","year":"2022","unstructured":"[53] Korzhitskii, N., & Carlsson, N. (2022). Revocation Statuses on the Internet (arXiv:2102.04288). arXiv. http:\/\/arxiv.org\/abs\/2102.04288"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2017.240"},{"key":"e_1_3_2_1_55_1","unstructured":"[55]Revocation checking Chrome and CRLsets https:\/\/unmitigatedrisk.com?p=236"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363192"}],"event":{"name":"ARES 2024: The 19th International Conference on Availability, Reliability and Security","acronym":"ARES 2024","location":"Vienna Austria"},"container-title":["Proceedings of the 19th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670900","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664476.3670900","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:49:52Z","timestamp":1755881392000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670900"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,30]]},"references-count":56,"alternative-id":["10.1145\/3664476.3670900","10.1145\/3664476"],"URL":"https:\/\/doi.org\/10.1145\/3664476.3670900","relation":{},"subject":[],"published":{"date-parts":[[2024,7,30]]},"assertion":[{"value":"2024-07-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}