{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:56:41Z","timestamp":1763740601427,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":102,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,28]]},"DOI":"10.1145\/3730567.3764483","type":"proceedings-article","created":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:22:38Z","timestamp":1763738558000},"page":"851-870","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Analyzing Compliance and Complications of Integrating Internationalized X.509 Certificates"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9797-6875","authenticated-orcid":false,"given":"Mingming","family":"Zhang","sequence":"first","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-7122-519X","authenticated-orcid":false,"given":"Jinfeng","family":"Guo","sequence":"additional","affiliation":[{"name":"Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6774-5299","authenticated-orcid":false,"given":"Yiming","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0330-0028","authenticated-orcid":false,"given":"Shenglin","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9032-8063","authenticated-orcid":false,"given":"Baojun","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-7891-0775","authenticated-orcid":false,"given":"Hanqing","family":"Zhao","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7388-1329","authenticated-orcid":false,"given":"Xiang","family":"Li","sequence":"additional","affiliation":[{"name":"Nankai Univeristy, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0083-733X","authenticated-orcid":false,"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China and Quancheng Laboratory, Jinan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"abuse.ch. [n.d.]. SSL Blacklist. https:\/\/sslbl.abuse.ch\/."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298327"},{"key":"e_1_3_2_1_3_1","unstructured":"Arch Linux Forum. 2024. Delete Key Bug: Inputs U007F and U0621 in pt_BR Locale. https:\/\/bbs.archlinux.org\/viewtopic.php?id=298417."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-171110"},{"key":"e_1_3_2_1_5_1","unstructured":"Milan Bednar. 2021. OpenVPN - malformed log - certificate subject. https:\/\/forum.netgate.com\/topic\/163362\/openvpn-malformed-log-certificate-subject."},{"key":"e_1_3_2_1_6_1","unstructured":"Peter Bowen. 2016. certlint. https:\/\/github.com\/amazon-archives\/certlint."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_1_8_1","unstructured":"CA\/Browser Forum. 2023. Ballot SC063v4: Make OCSP Optional Require CRLs and Incentivize Automation. https:\/\/cabforum.org\/2023\/07\/14\/ballot-sc063v4-make-ocsp-optional-require-crls-and-incentivize-automation\/."},{"issue":"0","key":"e_1_3_2_1_9_1","first-page":"7","article-title":"Baseline Requirements for the Issuance and Management of Publicly?Trusted TLS Server Certificates","volume":"2","author":"Forum Browser","year":"2024","unstructured":"CA\/Browser Forum. 2024. Baseline Requirements for the Issuance and Management of Publicly?Trusted TLS Server Certificates, Version 2.0.7. https:\/\/cabforum.org\/working-groups\/server\/baseline-requirements\/documents\/CA-Browser-Forum-TLS-BR-2.0.7.pdf.","journal-title":"Version"},{"key":"e_1_3_2_1_10_1","unstructured":"Carnegie Mellon University-CERT Coordination Center. 2022. OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly. https:\/\/kb.cert.org\/vuls\/id\/794340."},{"key":"e_1_3_2_1_11_1","unstructured":"Certificate Transparency Policy. 2018. Upcoming CT Log Removal: WoSign. https:\/\/groups.google.com\/a\/chromium.org\/g\/ct-policy\/c\/UcCqlxuz_1c\/m\/Mf_939xYAQAJ?pli=1."},{"key":"e_1_3_2_1_12_1","volume-title":"Multiple Vendors TLS Certificate Common Name NULL Byte Input Validation Error (CVE-2015-3008","author":"Advisories Check Point","year":"2015","unstructured":"Check Point Advisories. 2015. Multiple Vendors TLS Certificate Common Name NULL Byte Input Validation Error (CVE-2015-3008; CVE-2015-3455). https:\/\/advisories.checkpoint.com\/defense\/advisories\/public\/2015\/cpai-2015-0589.html."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598110"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180226"},{"key":"e_1_3_2_1_15_1","unstructured":"Chrome. 2024. Certificate Transparency Log Policy. https:\/\/googlechrome.github.io\/CertificateTransparency\/log_policy.html."},{"key":"e_1_3_2_1_16_1","unstructured":"Suricata community. [n.d.]. Suricata Rules. https:\/\/github.com\/OISF\/suricata\/blob\/aeb200e001f56982115bb8bc908a15a49373f9ec\/doc\/userguide\/rules\/differences-from-snort.rst."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5280"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC3492"},{"key":"e_1_3_2_1_19_1","unstructured":"curl. [n.d.]. curl. https:\/\/github.com\/curl\/curl."},{"key":"e_1_3_2_1_20_1","unstructured":"curl. 2023. CVE-2023-28321. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-28321."},{"key":"e_1_3_2_1_21_1","unstructured":"Unicode Character Database. 2024. Unicode Blocks. https:\/\/www.unicode.org\/Public\/UCD\/latest\/ucd\/Blocks.txt."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484793"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00220"},{"key":"e_1_3_2_1_24_1","volume-title":"21st Annual Network and Distributed System Security Symposium, NDSS 2014","author":"Delignat-Lavaud Antoine","year":"2014","unstructured":"Antoine Delignat-Lavaud, Mart\u00edn Abadi, Andrew Birrell, Ilya Mironov, Ted Wobber, and Yinglian Xie. 2014. Web PKI: Closing the Gap between Guidelines and Practices. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2014\/web-pki-closing-gap-between-guidelines-and-practices"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3618257.3624815"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_27_1","volume-title":"The Security Impact of HTTPS Interception. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Durumeric Zakir","year":"2017","unstructured":"Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael D. Bailey, J. Alex Halderman, and Vern Paxson. 2017. The Security Impact of HTTPS Interception. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/security-impact-https-interception\/"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9233"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00128"},{"key":"e_1_3_2_1_30_1","unstructured":"Feisty Duck. 2025. Certificate Lifetimes to Shrink to Just Forty-Seven Days. https:\/\/www.feistyduck.com\/newsletter\/issue_124_certificate_lifetimes_to_shrink_to_just_forty_seven_days."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","unstructured":"Patrik F\u00e4ltstr\u00f6m. 2010. The Unicode Code Points and Internationalized Domain Names for Applications (IDNA). RFC 5892. doi:10.17487\/RFC5892","DOI":"10.17487\/RFC5892"},{"key":"e_1_3_2_1_32_1","unstructured":"Globalsign. 2016. certlint. https:\/\/github.com\/globalsign\/certlint."},{"key":"e_1_3_2_1_33_1","unstructured":"Google. 2024. Certificate Transparency Known Logs. https:\/\/certificate.transparency.dev\/google\/."},{"key":"e_1_3_2_1_34_1","unstructured":"Google Security Blog. 2024. Sustaining Digital Certificate Security - Entrust Certificate Distrust. https:\/\/security.googleblog.com\/2024\/06\/sustaining-digital-certificate-security.html."},{"key":"e_1_3_2_1_35_1","unstructured":"Internet Security Research Group. 2017. Let's Encrypt Unicode Normalization Compliance Incident. https:\/\/groups.google.com\/g\/mozilla.dev.security.policy\/c\/nMxaxhYb_iY\/m\/AmjCI3_ZBwAJ."},{"key":"e_1_3_2_1_36_1","unstructured":"HackerOne. [n.d.]. Why You Need Responsible Disclosure and How to Get Started. https:\/\/www.hackerone.com\/knowledge-center\/why-you-need-responsible-disclosure-and-how-get-started."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.23919\/IFIPNetworking57963.2023.10186356"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5895"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1184\/R1\/12367340.v1"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","unstructured":"Russ Housley. 2018. Internationalization Updates to RFC 5280. RFC 8399. doi:10.17487\/RFC8399","DOI":"10.17487\/RFC8399"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9549"},{"key":"e_1_3_2_1_43_1","unstructured":"IANA. 2024. IDNA Rules and Derived Property Values. https:\/\/www.iana.org\/assignments\/idna-tables-12.0.0\/idna-tables-12.0.0.xhtml."},{"key":"e_1_3_2_1_44_1","unstructured":"ICANN. [n.d.]. Universal Acceptance (UA). https:\/\/www.icann.org\/ua."},{"key":"e_1_3_2_1_45_1","unstructured":"International Telecommunication Union. latest edition a. ITU-T Recommendation X.509: The Directory: Public-key and attribute certificate frameworks. https:\/\/www.itu.int\/rec\/T-REC-X.509\/en."},{"key":"e_1_3_2_1_46_1","unstructured":"International Telecommunication Union. latest edition b. X.680 : Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation. https:\/\/www.itu.int\/rec\/T-REC-X.680\/en."},{"key":"e_1_3_2_1_47_1","unstructured":"International Telecommunication Union. latest edition c. X.690 : Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER) Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). https:\/\/www.itu.int\/rec\/T-REC-X.690\/en."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510203"},{"key":"e_1_3_2_1_49_1","volume-title":"PKI Layer Cake: New Collision Attacks against the Global X.509 Infrastructure","author":"Kaminsky Dan","unstructured":"Dan Kaminsky, Meredith L. Patterson, and Len Sassaman. 2010. PKI Layer Cake: New Collision Attacks against the Global X.509 Infrastructure. In Financial Cryptography and Data Security, Radu Sion (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 289-303."},{"key":"e_1_3_2_1_50_1","volume-title":"The Menlo report: Ethical principles guiding information and communication technology research. Available at SSRN 2445102","author":"Kenneally Erin","year":"2012","unstructured":"Erin Kenneally and David Dittrich. 2012. The Menlo report: Ethical principles guiding information and communication technology research. Available at SSRN 2445102 (2012)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC1779"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","unstructured":"Dr. John C. Klensin. 2010. Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework. RFC 5890. doi:10.17487\/RFC5890","DOI":"10.17487\/RFC5890"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00015"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.17"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC6962"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","unstructured":"Ben Laurie Adam Langley Emilia Kasper Eran Messeri and Rob Stradling. 2021. Certificate Transparency Version 2.0. RFC 9162. doi:10.17487\/RFC9162","DOI":"10.17487\/RFC9162"},{"key":"e_1_3_2_1_57_1","volume-title":"Announcing Six Day and IP Address Certificate Options","author":"Encrypt Let's","year":"2025","unstructured":"Let's Encrypt. 2025. Announcing Six Day and IP Address Certificate Options in 2025. https:\/\/letsencrypt.org\/2025\/01\/16\/6-day-and-ip-certs."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345653"},{"key":"e_1_3_2_1_59_1","unstructured":"libESMTP. 2010. CVE-2010-1192. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-1192."},{"key":"e_1_3_2_1_60_1","unstructured":"Zeek Log. [n.d.]. x509.log. https:\/\/docs.zeek.org\/en\/master\/logs\/x509.html."},{"key":"e_1_3_2_1_61_1","unstructured":"Ziyang Luo Can Xu Pu Zhao Xiubo Geng Chongyang Tao Jing Ma Qingwei Lin and Daxin Jiang. 2023. Augmented Large Language Models with Parametric Knowledge Guiding. arXiv:2305.04757 [cs.CL] https:\/\/arxiv.org\/abs\/2305.04757"},{"key":"e_1_3_2_1_62_1","unstructured":"Moxie Marlinspike. 2009. More Tricks For Defeating SSL In Practice. https:\/\/www.blackhat.com\/presentations\/bh-usa-09\/MARLINSPIKE\/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9598"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24556"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC1034"},{"key":"e_1_3_2_1_66_1","unstructured":"Mozilla. [n.d.]. Common CA Database (CCADB). https:\/\/www.ccadb.org\/."},{"key":"e_1_3_2_1_67_1","unstructured":"Mozilla Bugzilla. 2025. Let's Encrypt: Issuance for Invalid Internationalized Domain Name. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1966515."},{"key":"e_1_3_2_1_68_1","unstructured":"MyF5. 2019. K81239824: The X509 iRules commands may incorrectly parse SSL certificate attributes. https:\/\/my.f5.com\/manage\/s\/article\/K81239824."},{"key":"e_1_3_2_1_69_1","unstructured":"Netgate. 2021. OpenVPN-malformed log-certificate subject. https:\/\/forum.netgate.com\/topic\/163362\/openvpn-malformed-log-certificate-subject."},{"key":"e_1_3_2_1_70_1","unstructured":"Node.js. 2021. CVE-2021-44533. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44533."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.23919\/TMA.2019.8784633"},{"key":"e_1_3_2_1_72_1","unstructured":"OISF. [n.d.]. Suricata. https:\/\/github.com\/OISF\/suricata."},{"key":"e_1_3_2_1_73_1","unstructured":"OpenSSL. [n.d.]. CVE-2022-3786 and CVE-2022-3602: X.509 Email address buffer overflows. https:\/\/openssl-library.org\/post\/2022-11-01-email-address-overflows\/."},{"key":"e_1_3_2_1_74_1","unstructured":"OpenSSL. 2022. CVE-2022-3602. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-3602."},{"key":"e_1_3_2_1_75_1","unstructured":"OpenSSL extension in Ruby. 2015. CVE-2015-1855. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015-1855."},{"key":"e_1_3_2_1_76_1","unstructured":"OSS. [n.d.]. ASN.1 Quick Reference. https:\/\/www.oss.com\/asn1\/resources\/asn1-made-simple\/asn1-quick-reference.html."},{"key":"e_1_3_2_1_77_1","unstructured":"Postfix. [n.d.]. Postfix TLS Support. http:\/\/www.postfix.org\/TLS_README.html."},{"key":"e_1_3_2_1_78_1","volume-title":"October","author":"Reports Unicode Technical","year":"2006","unstructured":"Unicode Technical Reports. [n.d.]. Unicode Standard Annex #15: Unicode Normalization Forms'', October 2006. http:\/\/www.unicode.org\/reports\/tr15\/."},{"key":"e_1_3_2_1_79_1","unstructured":"Zeek repository. [n.d.]. The Zeek Network Security Monitor. https:\/\/github.com\/zeek\/zeek\/blob\/c04e503c92faa3872ed3419c2ec0327d70b62f0c\/src\/file_analysis\/analyzer\/x509\/X509.cc."},{"key":"e_1_3_2_1_80_1","unstructured":"Kurt Roeckx. 2016. x509lint. https:\/\/github.com\/kroeckx\/x509lint."},{"key":"e_1_3_2_1_81_1","unstructured":"Jonathan Rudenberg. 2017a. Certificates with invalidly long serial numbers. https:\/\/groups.google.com\/g\/mozilla.dev.security.policy\/c\/b33_4CyJbWI."},{"key":"e_1_3_2_1_82_1","unstructured":"Jonathan Rudenberg. 2017b. Certificates with metadata-only subject fields. https:\/\/groups.google.com\/g\/mozilla.dev.security.policy\/c\/Sae5lpT02Ng."},{"key":"e_1_3_2_1_83_1","unstructured":"s2n-tls. 2023. Issue with parsing Certificate Common Name (CN) in s2n-tls. https:\/\/github.com\/aws\/s2n-tls\/security\/advisories\/GHSA-h5p4-28rh-q272."},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9525"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.46"},{"key":"e_1_3_2_1_86_1","volume-title":"27th Annual Network and Distributed System Security Symposium, NDSS 2020","author":"Smith Trevor","year":"2020","unstructured":"Trevor Smith, Luke Dickenson, and Kent E. Seamons. 2020. Let's Revoke: Scalable Global Certificate Revocation. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23-26, 2020. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/lets-revoke-scalable-global-certificate-revocation\/"},{"key":"e_1_3_2_1_87_1","unstructured":"Snort 3.0 Team. [n.d.]. Snort. https:\/\/github.com\/snort3\/snort3."},{"key":"e_1_3_2_1_88_1","unstructured":"Rob Stradling. 2023. pkimetal. https:\/\/github.com\/pkimetal\/pkimetal."},{"key":"e_1_3_2_1_89_1","unstructured":"Nick Sullivan. 2024a. LLMS and RFCGPT - Leveraging large language model platforms to understand standards. https:\/\/datatracker.ietf.org\/meeting\/119\/materials\/slides-119-rasprg-llms-and-rfcgpt-leveraging-large-language-model-platforms-to-understand-standards-01."},{"key":"e_1_3_2_1_90_1","unstructured":"Nick Sullivan. 2024b. RFCGPT. https:\/\/cryptography.consulting\/rfcgpt."},{"key":"e_1_3_2_1_91_1","volume-title":"Certificate Transparency Revisited: The Public Inspections on Third-party Monitors. In 31st Annual Network and Distributed System Security Symposium, NDSS 2024","author":"Sun Aozhuo","year":"2024","unstructured":"Aozhuo Sun, Jingqiang Lin, Wei Wang, Zeyan Liu, Bingyu Li, Shushang Wen, Qiongxiao Wang, and Fengjun Li. 2024. Certificate Transparency Revisited: The Public Inspections on Third-party Monitors. In 31st Annual Network and Distributed System Security Symposium, NDSS 2024, San Diego, California, USA, February 26 - March 1, 2024. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/certificate-transparency-revisited-the-public-inspections-on-third-party-monitors\/"},{"key":"e_1_3_2_1_92_1","unstructured":"Snort 3.0 Team. [n.d.]. snort3 ssl.cc. https:\/\/github.com\/snort3\/snort3\/blob\/8f8e9cf28856359a1ef3081baa9240f90276f8d4\/src\/protocols\/ssl.cc."},{"key":"e_1_3_2_1_93_1","unstructured":"The Chromium Projects. [n.d.]. Moving Forward Together. https:\/\/www.chromium.org\/Home\/chromium-security\/root-ca-policy\/moving-forward-together\/."},{"key":"e_1_3_2_1_94_1","unstructured":"The Register. 2025. Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps. https:\/\/www.theregister.com\/2025\/04\/22\/ssl_com_validation_flaw\/."},{"key":"e_1_3_2_1_95_1","unstructured":"The Unicode Consortium. [n.d.]. Unicode 16.0 Character Code Charts. https:\/\/unicode.org\/charts\/PDF\/U0000.pdf."},{"key":"e_1_3_2_1_96_1","unstructured":"The ZMap Project. 2016. ZLint. https:\/\/github.com\/zmap\/zlint\/."},{"key":"e_1_3_2_1_97_1","unstructured":"UASG. 2024. UASG 050 UA-Readiness Report FY24. https:\/\/uasg.tech\/download\/uasg-050-ua-readiness-report-fy24\/."},{"key":"e_1_3_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2253"},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00211"},{"key":"e_1_3_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386252"},{"key":"e_1_3_2_1_101_1","unstructured":"Zeek Network Monitoring Project. [n.d.]. The Zeek Network Security Monitor. https:\/\/github.com\/zeek\/zeek."},{"key":"e_1_3_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC451410.17487\/RFC4514"}],"event":{"name":"IMC '25:ACM Internet Measurement Conference","location":"Madison WI USA","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2025 ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3730567.3764483","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:30:15Z","timestamp":1763739015000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3730567.3764483"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,28]]},"references-count":102,"alternative-id":["10.1145\/3730567.3764483","10.1145\/3730567"],"URL":"https:\/\/doi.org\/10.1145\/3730567.3764483","relation":{},"subject":[],"published":{"date-parts":[[2025,10,28]]},"assertion":[{"value":"2025-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}