{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T12:07:54Z","timestamp":1763381274746,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","funder":[{"name":"Ministry of Science and ICT, South Korea","award":["IITP-2025-2021-0-02048","RS-2021-II211343","NRF-2022R1A2C2011221","RS-2023-00220985","IITP-2025-RS-2024-00418784"],"award-info":[{"award-number":["IITP-2025-2021-0-02048","RS-2021-II211343","NRF-2022R1A2C2011221","RS-2023-00220985","IITP-2025-RS-2024-00418784"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,17]]},"DOI":"10.1145\/3772356.3772399","type":"proceedings-article","created":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T12:02:48Z","timestamp":1763380968000},"page":"370-376","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Leveraging Certificate Transparency to Mitigate Downgrade Attacks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5089-5442","authenticated-orcid":false,"given":"Hyunsoo","family":"Kim","sequence":"first","affiliation":[{"name":"Seoul National University, Seoul, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-8641-7031","authenticated-orcid":false,"given":"Myungbin","family":"Hwang","sequence":"additional","affiliation":[{"name":"Seoul National University, Seoul, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7795-0077","authenticated-orcid":false,"given":"Taekyoung","family":"Kwon","sequence":"additional","affiliation":[{"name":"Seoul National University, Seoul, Republic of Korea"}]}],"member":"320","published-online":{"date-parts":[[2025,11,17]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01704-0_27"},{"key":"e_1_3_2_1_2_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Chung Taejoong","year":"2017","unstructured":"Taejoong Chung, Roland van Rijswijk-Deij, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M Maggs, Alan Mislove, and Christo Wilson. 2017. A Longitudinal,{End-to-End} View of the {DNSSEC} Ecosystem. In 26th USENIX Security Symposium (USENIX Security 17). 1307\u20131322."},{"key":"e_1_3_2_1_3_1","volume":"201","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In 22nd ACM Conference on Computer and Communications Security.","journal-title":"J. Alex Halderman."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813607"},{"key":"e_1_3_2_1_5_1","unstructured":"Google. [n. d.]. Certificate Transparency Monitors. https:\/\/certificate.transparency.dev\/monitors\/. Accessed: 2024-06-27."},{"key":"e_1_3_2_1_6_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Heftrig Elias","year":"2023","unstructured":"Elias Heftrig, Haya Shulman, and Michael Waidner. 2023. Downgrading {DNSSEC}: How to Exploit Crypto Agility for Hijacking Signed Zones. In 32nd USENIX Security Symposium (USENIX Security 23). 7429\u20137444."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","unstructured":"Paul E. Hoffman. 2002. SMTP Service Extension for Secure SMTP over Transport Layer Security. RFC 3207. 10.17487\/RFC3207","DOI":"10.17487\/RFC3207"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","unstructured":"Paul E. Hoffman. 2023. DNS Security Extensions (DNSSEC). RFC 9364. 10.17487\/RFC9364","DOI":"10.17487\/RFC9364"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8484"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7858"},{"key":"e_1_3_2_1_11_1","volume-title":"10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20)","author":"Huang Qing","year":"2020","unstructured":"Qing Huang, Deliang Chang, and Zhou Li. 2020. A comprehensive study of {DNS-over-HTTPS} downgrade attack. In 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20)."},{"key":"e_1_3_2_1_12_1","unstructured":"Karel Hynek. 2021. The Prevalence of DNS over HTTPS. https:\/\/blog.apnic.net\/2021\/02\/16\/the-prevalence-of-dns-over-https. Accessed: 2024-06-27."},{"key":"e_1_3_2_1_13_1","volume-title":"DNS Threat Report \u2014 Q3","author":"Katz Or","year":"2022","unstructured":"Or Katz. 2022. DNS Threat Report \u2014 Q3 2022. https:\/\/www.akamai.com\/blog\/security\/dns-threat-report-q3-2022. Accessed: 2024-06-27."},{"key":"e_1_3_2_1_14_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Kondracki Brian","year":"2022","unstructured":"Brian Kondracki, Johnny So, and Nick Nikiforakis. 2022. Uninvited guests: Analyzing the identity and behavior of certificate transparency bots. In 31st USENIX Security Symposium (USENIX Security 22). 53\u201370."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. 10.17487\/RFC6962","DOI":"10.17487\/RFC6962"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386367.3431310"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345653"},{"key":"e_1_3_2_1_18_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Poddebniak Damian","year":"2021","unstructured":"Damian Poddebniak, Fabian Ising, Hanno B\u00f6ck, and Sebastian Schinzel. 2021. Why {tls} is better without {starttls}: A security analysis of {starttls} in the email context. In 30th USENIX Security Symposium (USENIX Security 21). 4365\u20134382."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","unstructured":"Benjamin M. Schwartz. 2023. Service Binding Mapping for DNS Servers. RFC 9461. 10.17487\/RFC9461","DOI":"10.17487\/RFC9461"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","unstructured":"Benjamin M. Schwartz Mike Bishop and Erik Nygren. 2023. Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records). RFC 9460. 10.17487\/RFC9460","DOI":"10.17487\/RFC9460"},{"key":"e_1_3_2_1_21_1","unstructured":"Aozhuo Sun Jingqiang Lin Wei Wang Zeyan Liu Bingyu Li Shushang Wen and Qiongxiao Wang Fengjun Li. 2024. Certificate Transparency Revisited: The Public Inspections on Third-party Monitors. In NDSS."},{"key":"e_1_3_2_1_22_1","volume-title":"Winding Down STARTTLS Everywhere. https:\/\/www.eff.org\/deeplinks\/2020\/12\/winding-down-starttls-everywhere","author":"Wang Maxie","year":"2024","unstructured":"Maxie Wang. 2020. Winding Down STARTTLS Everywhere. https:\/\/www.eff.org\/deeplinks\/2020\/12\/winding-down-starttls-everywhere. Electronic Frontier Foundation, Accessed: 2024-06-27."}],"event":{"name":"HotNets '25: 24th ACM Workshop on Hot Topics in Networks","location":"UMD Campus College Park MD USA","acronym":"HotNets '25","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 24th ACM Workshop on Hot Topics in Networks"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3772356.3772399","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T12:03:22Z","timestamp":1763381002000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3772356.3772399"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,17]]},"references-count":22,"alternative-id":["10.1145\/3772356.3772399","10.1145\/3772356"],"URL":"https:\/\/doi.org\/10.1145\/3772356.3772399","relation":{},"subject":[],"published":{"date-parts":[[2025,11,17]]},"assertion":[{"value":"2025-11-17","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}