{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T00:57:09Z","timestamp":1760576229825,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","funder":[{"name":"National Natural Science Foundation of China","award":["62102218"],"award-info":[{"award-number":["62102218"]}]},{"name":"National Natural Science Foundation of China","award":["62302258"],"award-info":[{"award-number":["62302258"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,28]]},"DOI":"10.1145\/3730567.3732921","type":"proceedings-article","created":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T17:39:24Z","timestamp":1760549964000},"page":"171-184","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Chaos in the Chain: Evaluate Deployment and Construction Compliance of Web PKI Certificate Chain"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-6138-0103","authenticated-orcid":false,"given":"Jia","family":"Yao","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6774-5299","authenticated-orcid":false,"given":"Yiming","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9032-8063","authenticated-orcid":false,"given":"Baojun","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-1485-5951","authenticated-orcid":false,"given":"Zhan","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9797-6875","authenticated-orcid":false,"given":"Mingming","family":"Zhang","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0083-733X","authenticated-orcid":false,"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2025,10,15]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n d.]. Chrome Root Store. https:\/\/chromium.googlesource.com\/chromium\/src\/\/main\/net\/data\/ssl\/chrome_root_store\/root_store.md"},{"key":"e_1_3_2_1_2_1","unstructured":"[n.d.]. Nmap. https:\/\/nmap.org\/"},{"key":"e_1_3_2_1_3_1","unstructured":"[n.d.]. ZGrab 2.0. https:\/\/github.com\/zmap\/zgrab2"},{"key":"e_1_3_2_1_4_1","unstructured":"2020. ''all trusted Web PKI Certificate Authority certificates known to Mozilla will be cached locally''. https:\/\/lwn.net\/Articles\/817182\/"},{"key":"e_1_3_2_1_5_1","unstructured":"2023. Mozilla Project. https:\/\/wiki.mozilla.org\/CA\/Included_Certificates"},{"key":"e_1_3_2_1_6_1","unstructured":"2024. CVE-2024-0567. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-0567"},{"key":"e_1_3_2_1_7_1","unstructured":"2024. List of Participants - Microsoft Trusted Root Program. https:\/\/learn. microsoft.com\/en-us\/security\/trusted-root\/participants-list"},{"key":"e_1_3_2_1_8_1","first-page":"1407","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017","author":"Acer Mustafa Emre","year":"2017","unstructured":"Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, and Parisa Tabriz. 2017. Where the WildWarnings Are: Root Causes of Chrome HTTPS Certificate Errors. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, Bhavani Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM, 1407-1420. doi:10.1145\/3133956.3134007"},{"key":"e_1_3_2_1_9_1","first-page":"114","volume-title":"Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL\/TLS Implementations. In 2014 IEEE Symposium on Security and Privacy, SP 2014","author":"Brubaker Chad","year":"2014","unstructured":"Chad Brubaker, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, and Vitaly Shmatikov. 2014. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL\/TLS Implementations. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, 114-129. doi:10.1109\/SP.2014.15"},{"key":"e_1_3_2_1_10_1","unstructured":"Chromium. [n. d.]. The Chromium Projects. https:\/\/source.chromium.org\/chromium\/"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5280"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC4158"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","first-page":"1388","DOI":"10.1145\/3460120.3484793","volume-title":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19","author":"Debnath Joyanta","year":"2021","unstructured":"Joyanta Debnath, Sze Yiu Chau, and Omar Chowdhury. 2021. On Re-engineering the X.509 PKI with Executable Specification for Better Implementation Guarantees. In CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19, 2021, Yongdae Kim, Jong Kim, Giovanni Vigna, and Elaine Shi (Eds.). ACM, New York, NY, USA, 1388-1404. doi:10.1145\/3460120.3484793"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5246"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","author":"Durumeric Zakir","year":"2015","unstructured":"Zakir Durumeric, David Adrian, Ariana Mirian, Michael D. Bailey, and J. Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-16, 2015, Indrajit Ray, Ninghui Li, and Christopher Kruegel (Eds.). ACM, New York, NY, USA, 542-553. doi:10.1145\/2810103.2813703"},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 2013 Internet Measurement Conference, IMC 2013","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, James Kasten, Michael D. Bailey, and J. Alex Halderman. 2013. Analysis of the HTTPS certificate ecosystem. In Proceedings of the 2013 Internet Measurement Conference, IMC 2013, Barcelona, Spain, October 23-25, 2013, Konstantina Papagiannaki, P. Krishna Gummadi, and Craig Partridge (Eds.). ACM, New York, NY, USA, 291-304. doi:10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_17_1","volume-title":"The Security Impact of HTTPS Interception. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Durumeric Zakir","year":"2017","unstructured":"Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael D. Bailey, J. Alex Halderman, and Vern Paxson. 2017. The Security Impact of HTTPS Interception. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/security-impact-https-interception\/"},{"key":"e_1_3_2_1_18_1","first-page":"50","volume-title":"the ACM Conference on Computer and Communications Security, CCS'12","author":"Fahl Sascha","year":"2012","unstructured":"Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, Lars Baumg\u00e4rtner, and Bernd Freisleben. 2012. Why eve and mallory love android: an analysis of android SSL (in)security. In the ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, October 16-18, 2012, Ting Yu, George Danezis, and Virgil D. Gligor (Eds.). ACM, 50-61. doi:10.1145\/2382196.2382205"},{"key":"e_1_3_2_1_19_1","first-page":"38","volume-title":"the ACM Conference on Computer and Communications Security, CCS'12","author":"Georgiev Martin","year":"2012","unstructured":"Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov. 2012. The most dangerous code in the world: validating SSL certificates in non-browser software. In the ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, October 16-18, 2012, Ting Yu, George Danezis, and Virgil D. Gligor (Eds.). ACM, New York, NY, USA, 38-49. doi:10.1145\/2382196.2382204"},{"key":"e_1_3_2_1_20_1","unstructured":"GnuTLS. [n. d.]. The GnuTLS Projects. https:\/\/gitlab.com\/gnutls\/gnutls"},{"key":"e_1_3_2_1_21_1","unstructured":"Google. [n. d.]. Certificate Transparency. https:\/\/certificate.transparency.dev"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","first-page":"1289","DOI":"10.1145\/3372297.3423345","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Hiller Jens","year":"2020","unstructured":"Jens Hiller, Johanna Amann, and Oliver Hohlfeld. 2020. The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (Virtual Event, USA) (CCS '20). Association for Computing Machinery, New York, NY, USA, 1289-1306. doi:10.1145\/3372297.3423345"},{"key":"e_1_3_2_1_23_1","first-page":"427","volume-title":"Proceedings of the 11th ACM SIGCOMM Internet Measurement Conference, IMC '11","author":"Holz Ralph","year":"2011","unstructured":"Ralph Holz, Lothar Braun, Nils Kammenhuber, and Georg Carle. 2011. The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements. In Proceedings of the 11th ACM SIGCOMM Internet Measurement Conference, IMC '11, Berlin, Germany, November 2-, 2011, Patrick Thiran andWalter Willinger (Eds.). ACM, NewYork, NY, USA, 427-444. doi:10.1145\/2068816.2068856"},{"key":"e_1_3_2_1_24_1","first-page":"83","volume-title":"Analyzing Forged SSL Certificates in the Wild. In 2014 IEEE Symposium on Security and Privacy, SP 2014","author":"Huang Lin-Shung","year":"2014","unstructured":"Lin-Shung Huang, Alex Rice, Erling Ellingsen, and Collin Jackson. 2014. Analyzing Forged SSL Certificates in the Wild. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, 83-97. doi:10.1109\/SP.2014.13"},{"key":"e_1_3_2_1_25_1","unstructured":"ICSI. [n. d.]. ICSI Certificate Notary. http:\/\/notary.icsi.berkeley.edu\/"},{"key":"e_1_3_2_1_26_1","unstructured":"Apple Inc. 2023. Lists of available trusted root certificates in macOS. https:\/\/support.apple.com\/en-us\/103723"},{"key":"e_1_3_2_1_27_1","volume-title":"PAM 2021, Virtual Event, March 29 - April 1, 2021, Proceedings (Lecture Notes in Computer Science","volume":"191","author":"Korzhitskii Nikita","year":"2021","unstructured":"Nikita Korzhitskii and Niklas Carlsson. 2021. Revocation Statuses on the Internet. In Passive and Active Measurement - 22nd International Conference, PAM 2021, Virtual Event, March 29 - April 1, 2021, Proceedings (Lecture Notes in Computer Science, Vol. 12671), Oliver Hohlfeld, Andra Lutu, and Dave Levin (Eds.). Springer, 175-191. doi:10.1007\/978-3-030-72582-2_11"},{"key":"e_1_3_2_1_28_1","first-page":"785","volume-title":"Tracking Certificate Misissuance in the Wild. In 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings","author":"Kumar Deepak","year":"2018","unstructured":"Deepak Kumar, Zhengping Wang, Matthew Hyder, Joseph Dickinson, Gabrielle Beck, David Adrian, Joshua Mason, Zakir Durumeric, J. Alex Halderman, and Michael D. Bailey. 2018. Tracking Certificate Misissuance in the Wild. In 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21-23 May 2018, San Francisco, California, USA. IEEE Computer Society, 785-798. doi:10.1109\/SP. 2018.00015"},{"key":"e_1_3_2_1_29_1","first-page":"1857","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022","author":"Larisch James","year":"2022","unstructured":"James Larisch, Waqar Aqeel, Michael Lum, Yaelle Goldschlag, Leah Kannan, Kasra Torshizi, Yujie Wang, Taejoong Chung, Dave Levin, Bruce M. Maggs, Alan Mislove, Bryan Parno, and Christo Wilson. 2022. Hammurabi: A Framework for Pluggable, Logic-Based X.509 Certificate Validation Policies. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7-11, 2022, Heng Yin, Angelos Stavrou, Cas Cremers, and Elaine Shi (Eds.). ACM, New York, NY, USA, 1857-1870. doi:10. 1145\/3548606.3560594"},{"key":"e_1_3_2_1_30_1","first-page":"183","volume-title":"Proceedings of the 2015 ACM Internet Measurement Conference, IMC 2015","author":"Liu Yabing","year":"2015","unstructured":"Yabing Liu, Will Tome, Liang Zhang, David R. Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Aaron Schulman, and Christo Wilson. 2015. An End-to-End Measurement of Certificate Revocation in the Web's PKI. In Proceedings of the 2015 ACM Internet Measurement Conference, IMC 2015, Tokyo, Japan, October 28-30, 2015, Kenjiro Cho, Kensuke Fukuda, Vivek S. Pai, and Neil Spring (Eds.). ACM, New York, NY, USA, 183-196. doi:10.1145\/2815675.2815685"},{"key":"e_1_3_2_1_31_1","unstructured":"MbedTLS. [n. d.]. The MbedTLS Projects. https:\/\/github.com\/Mbed-TLS\/mbedtls"},{"key":"e_1_3_2_1_32_1","unstructured":"Mozilla NSS. [n. d.]. The Mozilla NSS Projects. https:\/\/github.com\/nss-dev\/nss"},{"key":"e_1_3_2_1_33_1","unstructured":"OpenSSL. [n. d.]. The OpenSSL Projects. https:\/\/github.com\/openssl\/openssl"},{"key":"e_1_3_2_1_34_1","volume-title":"Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Pochat Victor Le","year":"2019","unstructured":"Victor Le Pochat, Tom van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczynski, and Wouter Joosen. 2019. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/tranco-aresearch-oriented-top-sites-ranking-hardened-against-manipulation\/"},{"key":"e_1_3_2_1_35_1","first-page":"683","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Pourali Sajjad","year":"2024","unstructured":"Sajjad Pourali, Xiufen Yu, Lianying Zhao, Mohammad Mannan, and Amr Youssef. 2024. Racing for TLS Certificate Validation: A Hijacker's Guide to the Android TLS Galaxy. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 683-700. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/pourali"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8446"},{"key":"e_1_3_2_1_37_1","first-page":"343","volume-title":"Proceedings of the Internet Measurement Conference 2018, IMC 2018","author":"Scheitle Quirin","year":"2018","unstructured":"Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C. Schmidt, and Matthias W\u00e4hlisch. 2018. The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem. In Proceedings of the Internet Measurement Conference 2018, IMC 2018, Boston, MA, USA, October 31 - November 02, 2018. ACM, New York, NY, USA, 343-349. https:\/\/dl.acm.org\/citation.cfm?id=3278562"},{"key":"e_1_3_2_1_38_1","first-page":"521","volume-title":"HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL\/TLS Implementations. In 2017 IEEE Symposium on Security and Privacy, SP 2017","author":"Sivakorn Suphannee","year":"2017","unstructured":"Suphannee Sivakorn, George Argyros, Kexin Pei, Angelos D. Keromytis, and Suman Jana. 2017. HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL\/TLS Implementations. In 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017. IEEE Computer Society, 521-538. doi:10.1109\/SP.2017.46"},{"key":"e_1_3_2_1_39_1","unstructured":"Ryan Sleevi. 2020. Path Building vs Path Verifying: The Chain of Pain. Medium. https:\/\/medium.com\/@sleevi_\/path-building-vs-path-verifying-thechain-of-pain-9fbab861d7d6"},{"key":"e_1_3_2_1_40_1","first-page":"211","volume-title":"Measuring Adoption and Error Rate. In 2019 IEEE Symposium on Security and Privacy, SP 2019","author":"Stark Emily","year":"2019","unstructured":"Emily Stark, Ryan Sleevi, Rijad Muminovic, Devon O'Brien, Eran Messeri, Adrienne Porter Felt, Brendan McMillion, and Parisa Tabriz. 2019. Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate. In 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019. IEEE, 211-226. doi:10.1109\/SP.2019.00027"},{"key":"e_1_3_2_1_41_1","unstructured":"Tranco. 2024. Tranco Top Domain Name List. https:\/\/tranco-list.eu\/"},{"key":"e_1_3_2_1_42_1","volume-title":"NSS 2021, Tianjin, China, October 23, 2021, Proceedings (Lecture Notes in Computer Science","volume":"37","author":"Li Yakang","year":"2021","unstructured":"WenyaWang, Yakang Li, ChaoWang, Yuan Yan, Juanru Li, and Dawu Gu. 2021. Re-Check Your Certificates! Experiences and Lessons Learnt from Real-WorldHTTPS Certificate Deployments. In Network and System Security - 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings (Lecture Notes in Computer Science, Vol. 13041), Min Yang, Chao Chen, and Yang Liu (Eds.). Springer, 17-37. doi:10.1007\/978-3-030-92708-0_2"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","unstructured":"Yiming Zhang Baojun Liu Chaoyi Lu Zhou Li Haixin Duan Jiachen Li and Zaifeng Zhang. 2021. Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem. In CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security Virtual Event Republic of Korea November 15 - 19 2021 Yongdae Kim Jong Kim Giovanni Vigna and Elaine Shi (Eds.). ACM New York NY USA 1373-1387. doi:10.1145\/3460120.3484768","DOI":"10.1145\/3460120.3484768"}],"event":{"name":"IMC '25:ACM Internet Measurement Conference","location":"Madison WI USA","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication","USENIX"]},"container-title":["Proceedings of the 2025 ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3730567.3732921","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T17:39:31Z","timestamp":1760549971000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3730567.3732921"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,15]]},"references-count":43,"alternative-id":["10.1145\/3730567.3732921","10.1145\/3730567"],"URL":"https:\/\/doi.org\/10.1145\/3730567.3732921","relation":{},"subject":[],"published":{"date-parts":[[2025,10,15]]},"assertion":[{"value":"2025-10-15","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}