{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:05:44Z","timestamp":1750309544410,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T00:00:00Z","timestamp":1745280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62394322"],"award-info":[{"award-number":["62394322"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,22]]},"DOI":"10.1145\/3696410.3714763","type":"proceedings-article","created":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T22:47:11Z","timestamp":1745362031000},"page":"1058-1067","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["ACME++: A Secure Authorization Mechanism for ACME Clients in the Web PKI Ecosystem"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-5001-8368","authenticated-orcid":false,"given":"Tianyu","family":"Zhang","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4429-9959","authenticated-orcid":false,"given":"Han","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-8126-7248","authenticated-orcid":false,"given":"Yunze","family":"Wei","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0148-5965","authenticated-orcid":false,"given":"Yahui","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6487-9526","authenticated-orcid":false,"given":"Xingang","family":"Shi","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4493-5145","authenticated-orcid":false,"given":"Jilong","family":"Wang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0037-2777","authenticated-orcid":false,"given":"Xia","family":"Yin","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"acmesh-official. 2024. acme.sh. https:\/\/github.com\/acmesh-official\/acme.sh Accessed: 2024-09--25."},{"key":"e_1_3_2_1_2_1","unstructured":"John Althouse. 2023. Easily Identify Malicious Servers on the Internet with JARM. https:\/\/engineering.salesforce.com\/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a\/ Accessed: 2024-09--28."},{"key":"e_1_3_2_1_3_1","unstructured":"Apache Software Foundation. 2025. Apache Log4j 2. https:\/\/logging.apache.org\/log4j\/2.x\/index.html. Accessed: 2025-01--26."},{"key":"e_1_3_2_1_4_1","unstructured":"Trust Asia. 2020. Extremely Dangerous! Tesla Suffers Major Failure Due to Expired Certificates Causing Large-Scale Outage. https:\/\/www.trustasia.com\/view-tesla-expired\/"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","unstructured":"R. Barnes J. Hoffman-Andrews D. McCarney and J. Kasten. 2019. Automatic Certificate Management Environment (ACME). RFC 8555. https:\/\/doi.org\/10.17487\/RFC8555","DOI":"10.17487\/RFC8555"},{"volume-title":"Proceedings of the 27th USENIX Conference on Security Symposium","author":"Birge-Lee H.","key":"e_1_3_2_1_6_1","unstructured":"H. Birge-Lee, Y. Sun, A. Edmundson, J. Rexford, and P. Mittal. 2018. Bamboozling Certificate Authorities with BGP. In Proceedings of the 27th USENIX Conference on Security Symposium (Baltimore, MD, USA) (SEC'18). USENIX Association, USA, 833--849."},{"key":"e_1_3_2_1_7_1","unstructured":"Google Security Blog. 2015. Maintaining Digital Certificate Security. https:\/\/security.googleblog.com\/2015\/03\/maintaining-digital-certificate-security.html Accessed: 2024--10--14."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3232755.3232859"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243790"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978301"},{"key":"e_1_3_2_1_11_1","unstructured":"Checkmarx. 2024. Zed Attack Proxy (ZAP). https:\/\/github.com\/zaproxy\/zaproxy. Accessed: 2025-01--28."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.23919\/CNSM52442.2021.9615590"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00046"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.41"},{"key":"e_1_3_2_1_15_1","unstructured":"Cloudflare. 2024. Cloudflare Nimbus Certificate Transparency Logs. https:\/\/ct.cloudflare.com\/logs\/nimbus2024\/ Additional logs available at https:\/\/ct.cloudflare.com\/logs\/nimbus2025\/ Accessed: 2024--10--14."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"D. Cooper S. Santesson S. Farrell S. Boeyen R. Housley and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Technical Report RFC 5280. Network Working Group. https:\/\/www.rfc-editor.org\/rfc\/rfc5280","DOI":"10.17487\/rfc5280"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484815"},{"key":"e_1_3_2_1_18_1","unstructured":"DigiCert. 2024. Third-Party ACME Integration Guide. https:\/\/docs.digicert.com\/en\/certcentral\/certificate-tools\/certificate-lifecycle-automation-guides\/third-party-acme-integration.html Accessed: 2024--10--14."},{"key":"e_1_3_2_1_19_1","unstructured":"Electronic Frontier Foundation. 2024. Certbot. https:\/\/certbot.eff.org\/ Accessed: 2024-09--25."},{"key":"e_1_3_2_1_20_1","unstructured":"Let's Encrypt. 2024. Rate Limits. https:\/\/letsencrypt.org\/docs\/rate-limits\/ Accessed: 2024--10-06."},{"key":"e_1_3_2_1_21_1","unstructured":"Toptal Talent Network Experts. 2024. 10 Common Web Security Vulnerabilities. https:\/\/www.toptal.com\/cybersecurity\/10-most-common-web-security-vulnerabilities. Accessed: 2025-01--28."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-031--28486--1_4"},{"key":"e_1_3_2_1_23_1","volume-title":"Accessed","author":"Fisher Dennis","year":"2012","unstructured":"Dennis Fisher. 2012. Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. https:\/\/threatpost.com\/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112\/77170\/. Accessed: August 18, 2024."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/IWQoS.2015.7404744"},{"volume-title":"Accessed","year":"2024","key":"e_1_3_2_1_25_1","unstructured":"Google. 2024a. Certificate Transparency. https:\/\/certificate.transparency.dev\/. Accessed: August 18, 2024."},{"key":"e_1_3_2_1_26_1","unstructured":"Google. 2024b. Google CT Argon 2024 Log. https:\/\/ct.googleapis.com\/logs\/us1\/argon2024\/ Accessed: 2024--10--14."},{"volume-title":"Accessed","year":"2024","key":"e_1_3_2_1_27_1","unstructured":"Google. 2024c. HTTPS Encryption on the Web. https:\/\/transparencyreport.google.com\/https\/overview. Accessed: August 18, 2024."},{"key":"e_1_3_2_1_28_1","volume-title":"nginx alias misconfiguration allowing path traversal. https:\/\/davidhamann.de\/2022\/08\/14\/nginx-alias-traversal\/ Updated","author":"Hamann David","year":"2022","unstructured":"David Hamann. 2022. nginx alias misconfiguration allowing path traversal. https:\/\/davidhamann.de\/2022\/08\/14\/nginx-alias-traversal\/ Updated: August 14, 2022."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00039"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2023.3323640"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"B. Laurie A. Langley and E. Kasper. 2013. Certificate Transparency. Technical Report RFC 6962. Internet Engineering Task Force (IETF). https:\/\/www.rfc-editor.org\/info\/rfc6962","DOI":"10.17487\/rfc6962"},{"key":"e_1_3_2_1_32_1","unstructured":"Let's Encrypt. n.d. a. Challenge Types. https:\/\/letsencrypt.org\/docs\/challenge-types\/ Accessed: 2024-09--25."},{"key":"e_1_3_2_1_33_1","unstructured":"Let's Encrypt. n.d. b. Let's Encrypt. https:\/\/letsencrypt.org\/ Accessed: 2024-09--25."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3618257.3624802"},{"key":"e_1_3_2_1_35_1","volume-title":"Accessed","author":"Nightingale J.","year":"2011","unstructured":"J. Nightingale. 2011. Fraudulent *.google.com Certificate. https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/. Accessed: August 18, 2024."},{"key":"e_1_3_2_1_36_1","unstructured":"OWASP. 2024. OWASP Top Ten. https:\/\/owasp.org\/www-project-top-ten\/. Accessed: 2025-01--28."},{"key":"e_1_3_2_1_37_1","unstructured":"OWASP. n.d.. Path Traversal Attack. https:\/\/owasp.org\/www-community\/attacks\/Path_Traversal Accessed: 2024-09--25."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP57164.2023.00053"},{"key":"e_1_3_2_1_39_1","unstructured":"PortSwigger. 2024. Burp Suite. https:\/\/www.kali.org\/tools\/burpsuite\/. Accessed: 2025-01--28."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.31410\/ERAZ.S.P.2019.169"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338498.3358655"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278562"},{"key":"e_1_3_2_1_43_1","unstructured":"Sectigo. 2024. Sectigo Sabre Certificate Transparency Logs. https:\/\/sabre2025h2.ct.sectigo.com\/ Additional logs available at https:\/\/sabre2025h1.ct.sectigo.com\/ https:\/\/sabre2024h2.ct.sectigo.com\/ https:\/\/sabre2024h1.ct.sectigo.com\/ Accessed: 2024--10--14."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560629"},{"key":"e_1_3_2_1_45_1","unstructured":"Security Staff. 2024. 70% of Web Applications Have Severe Security Gaps. https:\/\/www.securitymagazine.com\/articles\/99770--70-of-web-applications-have-severe-security-gaps. Accessed: 2025-01--28."},{"key":"e_1_3_2_1_46_1","unstructured":"Dan Swinhoe. 2023. SpaceX Starlink Outage Caused by Expired Ground Station Certificates. https:\/\/www.datacenterdynamics.com\/en\/news\/spacex-starlink-outage-caused-by-expired-ground-station-certificates\/"},{"key":"e_1_3_2_1_47_1","unstructured":"Dirty COW Team. 2016. Dirty COW (CVE-2016--5195). https:\/\/dirtycow.ninja\/. Accessed: 2025-01--28."},{"key":"e_1_3_2_1_48_1","unstructured":"Cisco Umbrella. 2024. Umbrella Popularity List. https:\/\/umbrella-static.s3-us-west-1.amazonaws.com\/index.html Accessed: 2024--10-06."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644896"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2927517"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2019.2951925"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2017.08.020"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485983.3494843"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663758"}],"event":{"name":"WWW '25: The ACM Web Conference 2025","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Sydney NSW Australia","acronym":"WWW '25"},"container-title":["Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714763","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696410.3714763","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:41Z","timestamp":1750295921000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714763"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,22]]},"references-count":54,"alternative-id":["10.1145\/3696410.3714763","10.1145\/3696410"],"URL":"https:\/\/doi.org\/10.1145\/3696410.3714763","relation":{},"subject":[],"published":{"date-parts":[[2025,4,22]]},"assertion":[{"value":"2025-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}