{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T03:41:05Z","timestamp":1770176465408,"version":"3.49.0"},"reference-count":115,"publisher":"Association for Computing Machinery (ACM)","issue":"7","funder":[{"name":"National Research Foundation of Kore","award":["RS-2025-00563143, RS-2021-NR060143"],"award-info":[{"award-number":["RS-2025-00563143, RS-2021-NR060143"]}]},{"name":"Institute of Information & communications Technology Planning & Evaluatio","award":["No.2022-0-00411, IITP-2025-RS-2021-II211810, RS-2025-25457342, RS-2025-25394739"],"award-info":[{"award-number":["No.2022-0-00411, IITP-2025-RS-2021-II211810, RS-2025-25457342, RS-2025-25394739"]}]},{"name":"National Science Foundation","award":["DGE-2335798 and CNS-2440819"],"award-info":[{"award-number":["DGE-2335798 and CNS-2440819"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2026,5,31]]},"abstract":"<jats:p>In the PKI system, revoking problematic certificates in a timely manner is essential for secure communications on the Internet. Regrettably, the primary revocation schemes have shown limitations in various aspects such as privacy and scalability. Although many state-of-the-art revocation techniques have been proposed to overcome such limitations, the implications of their deployment in practice in each aspect have not been deeply studied. This article aims to systematically classify and comparatively analyze the existing schemes in terms of security, efficiency, and practicality. Based on our evaluation, we also provide insight into securing the revocation systems, and finally discuss their future directions.<\/jats:p>","DOI":"10.1145\/3785653","type":"journal-article","created":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T12:03:12Z","timestamp":1766145792000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Certificate Revocation in the TLS Ecosystem: A Survey"],"prefix":"10.1145","volume":"58","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6728-0698","authenticated-orcid":false,"given":"Hyunsoo","family":"Kwon","sequence":"first","affiliation":[{"name":"Department of Computer and Engineering, Inha University","place":["Incheon, Korea (the Republic of)"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9033-990X","authenticated-orcid":false,"given":"Doowon","family":"Kim","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville","place":["Knoxville, United States"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3906-7240","authenticated-orcid":false,"given":"Hodong","family":"Kim","sequence":"additional","affiliation":[{"name":"Korea University","place":["Seoul, Korea (the Republic of)"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4334-0411","authenticated-orcid":false,"given":"Changhee","family":"Hahn","sequence":"additional","affiliation":[{"name":"Seoul National University of Science and Technology","place":["Seoul, Korea (the Republic of)"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4823-4194","authenticated-orcid":false,"given":"Junbeom","family":"Hur","sequence":"additional","affiliation":[{"name":"Korea University","place":["Seoul, Korea (the Republic of)"]}]}],"member":"320","published-online":{"date-parts":[[2026,2,3]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC6066"},{"key":"e_1_3_3_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/3214303"},{"key":"e_1_3_3_4_2","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_3_5_2","article-title":"Detecting Certificate Authority compromises and web browser collusion","author":"Appelbaum Jacob","year":"2011","unstructured":"Jacob Appelbaum. 2011. Detecting Certificate Authority compromises and web browser collusion. Online. Retrieved May 31, 2024 from https:\/\/blog.torproject.org\/detecting-certificate-authority-compromises-and-web-browser-collusion","journal-title":"Online"},{"key":"e_1_3_3_6_2","article-title":"DigiNotar SSL certificate hack amounts to cyberwar, says expert","author":"Arthur Charles","year":"2011","unstructured":"Charles Arthur. 2011. DigiNotar SSL certificate hack amounts to cyberwar, says expert. Online. Retrieved May 31, 2024 from https:\/\/www.theguardian.com\/technology\/2011\/sep\/05\/diginotar-certificate-hack-cyberwar","journal-title":"Online"},{"key":"e_1_3_3_7_2","article-title":"Rogue web certificate could have been used to attack Iran dissidents","author":"Arthur Charles","year":"2011","unstructured":"Charles Arthur. 2011. Rogue web certificate could have been used to attack Iran dissidents. Online. Retrieved May 31, 2024 from https:\/\/www.theguardian.com\/technology\/2011\/aug\/30\/faked-web-certificate-iran-dissidents","journal-title":"Online"},{"key":"e_1_3_3_8_2","first-page":"689","volume-title":"USENIX Security Symposium","author":"Aviram Nimrod","year":"2016","unstructured":"Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, et\u00a0al. 2016. DROWN: Breaking TLS using SSLv2. In USENIX Security Symposium. 689\u2013706."},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8555"},{"key":"e_1_3_3_10_2","article-title":"Your Apps and Evolving Network Security Standards","author":"Basile Bailey","year":"2017","unstructured":"Bailey Basile. 2017. Your Apps and Evolving Network Security Standards. Online. Retrieved Jan 01, 2021 from https:\/\/developer.apple.com\/videos\/play\/wwdc2017\/701\/","journal-title":"Online"},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3134383.3134389"},{"key":"e_1_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3299357"},{"key":"e_1_3_3_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978423"},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/362686.362692"},{"key":"e_1_3_3_15_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5280"},{"key":"e_1_3_3_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19571-6_16"},{"key":"e_1_3_3_17_2","article-title":"Another fraudulent certificate raises the same old questions about certificate authorities","author":"Bright Peter","year":"2011","unstructured":"Peter Bright. 2011. Another fraudulent certificate raises the same old questions about certificate authorities. Online. Retrieved May 31, 2024 from https:\/\/arstechnica.com\/information-technology\/2011\/08\/earlier-this-year-an-iranian\/","journal-title":"Online"},{"key":"e_1_3_3_18_2","article-title":"How the comodo certificate fraud calls CA trust into question","author":"Bright Peter","year":"2011","unstructured":"Peter Bright. 2011. How the comodo certificate fraud calls CA trust into question. Online. Retrieved May 31, 2024 from https:\/\/arstechnica.com\/information-technology\/2011\/03\/how-the-comodo-certificate-fraud-calls-ca-trust-into-question\/","journal-title":"Online"},{"key":"e_1_3_3_19_2","first-page":"178","article-title":"Black tulip report of the investigation into the DigiNotar certificate authority breach","author":"BV Fox-IT","year":"2012","unstructured":"Fox-IT BV. 2012. Black tulip report of the investigation into the DigiNotar certificate authority breach. Delft, The Netherlands (2012), 178.","journal-title":"Delft, The Netherlands"},{"key":"e_1_3_3_20_2","article-title":"SEC 4: Elliptic curve Qu-Vanstone implicit certificate scheme (ECQV)","volume":"1","author":"Campagna Matthew","year":"2013","unstructured":"Matthew Campagna. 2013. SEC 4: Elliptic curve Qu-Vanstone implicit certificate scheme (ECQV). Standards for Efficient Cryptography, Version 1 (2013).","journal-title":"Standards for Efficient Cryptography, Version"},{"key":"e_1_3_3_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2017.8057065"},{"key":"e_1_3_3_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2018.8486344"},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00046"},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346853"},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278543"},{"key":"e_1_3_3_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.41"},{"key":"e_1_3_3_27_2","article-title":"Introducing Certificate Transparency and Nimbus","year":"2018","unstructured":"Cloudflare. 2018. Introducing Certificate Transparency and Nimbus. Online. Retrieved Jan 01, 2021 from https:\/\/blog.cloudflare.com\/introducing-certificate-transparency-and-nimbus\/","journal-title":"Online"},{"key":"e_1_3_3_28_2","first-page":"1","article-title":"Internet X. 509 public key infrastructure certificate and certificate revocation list (CRL) profile.","volume":"5280","author":"Cooper David","year":"2008","unstructured":"David Cooper, Stefan Santesson, Stephen Farrell, Sharon Boeyen, Russell Housley, W. Timothy Polk, et\u00a0al. 2008. Internet X. 509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280 (2008), 1\u2013151.","journal-title":"RFC"},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2914453"},{"key":"e_1_3_3_30_2","unstructured":"DigiCert. 2003. Online. Retrieved Jan 01 2021 from https:\/\/www.digicert.com\/"},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.5555\/1251375.1251396"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_3_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_3_34_2","first-page":"605","volume-title":"22nd  \\(\\lbrace\\) USENIX \\(\\rbrace\\)  Security Symposium ( \\(\\lbrace\\) USENIX \\(\\rbrace\\)  Security 13)","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap: Fast internet-wide scanning and its security applications. In 22nd \\(\\lbrace\\) USENIX \\(\\rbrace\\) Security Symposium ( \\(\\lbrace\\) USENIX \\(\\rbrace\\) Security 13). 605\u2013620."},{"key":"e_1_3_3_35_2","volume-title":"Transport layer security (TLS) extensions: Extension definitions","author":"Eastlake Donald","year":"2011","unstructured":"Donald Eastlake et\u00a0al. 2011. Transport layer security (TLS) extensions: Extension definitions. Technical Report. RFC 6066, January."},{"key":"e_1_3_3_36_2","article-title":"Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?","author":"Eckersley Peter","year":"2011","unstructured":"Peter Eckersley. 2011. Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? Online. Retrieved May 31, 2024 from https:\/\/www.eff.org\/es\/deeplinks\/2011\/03\/iranian-hackers-obtain-fraudulent-https","journal-title":"Online"},{"key":"e_1_3_3_37_2","article-title":"A Syrian Man-In-The-Middle Attack against Facebook","author":"Eckersley Peter","year":"2011","unstructured":"Peter Eckersley. 2011. A Syrian Man-In-The-Middle Attack against Facebook. Online. Retrieved May 31, 2024 from https:\/\/www.eff.org\/ko\/deeplinks\/2011\/05\/syrian-man-middle-against-facebook","journal-title":"Online"},{"key":"e_1_3_3_38_2","article-title":"Introducing Oak, a Free and Open Certificate Transparency Log","author":"Encrypt Let\u2019s","year":"2019","unstructured":"Let\u2019s Encrypt. 2019. Introducing Oak, a Free and Open Certificate Transparency Log. Online. Retrieved Jan 01, 2021 from https:\/\/letsencrypt.org\/2019\/05\/15\/introducing-oak-ct-log.html","journal-title":"Online"},{"key":"e_1_3_3_39_2","article-title":"Let\u2019s Encrypt Certificates Issued Per Day","author":"Encrypt Let\u2019s","year":"2022","unstructured":"Let\u2019s Encrypt. 2022. Let\u2019s Encrypt Certificates Issued Per Day. Online. Retrieved May 28, 2022 from https:\/\/letsencrypt.org\/stats\/","journal-title":"Online"},{"key":"e_1_3_3_40_2","unstructured":"CABrowser Forum. 2005. Online. Retrieved Jan 01 2021 from https:\/\/cabforum.org\/"},{"key":"e_1_3_3_41_2","article-title":"Baseline requirements documents","author":"Forum CABrowser","year":"2018","unstructured":"CABrowser Forum. 2018. Baseline requirements documents. Online. Retrieved May 08, 2018 from https:\/\/cabforum.org\/baseline-requirements-documents\/","journal-title":"Online"},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/HPCC-SmartCity-DSS50907.2020.00108"},{"key":"e_1_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1966.1053907"},{"key":"e_1_3_3_44_2","article-title":"Symantec employees fired for issuing rogue HTTPS certificate for Google","author":"Goodin Dan","year":"2015","unstructured":"Dan Goodin. 2015. Symantec employees fired for issuing rogue HTTPS certificate for Google. Online. Retrieved May 31, 2024 from https:\/\/www.eff.org\/ko\/deeplinks\/2011\/05\/syrian-man-middle-against-facebook","journal-title":"Online"},{"key":"e_1_3_3_45_2","article-title":"Revoking Intermediate Certificates: Introducing OneCRL","author":"Goodwin M.","year":"2013","unstructured":"M. Goodwin. 2013. Revoking Intermediate Certificates: Introducing OneCRL. Online. Retrieved Jan 01, 2021 from http:\/\/mzl.la\/1zLFp7M","journal-title":"Online"},{"key":"e_1_3_3_46_2","volume-title":"CRLSet Tools","year":"2017","unstructured":"Google 2017. CRLSet Tools. Retrieved May 01, 2022 from https:\/\/github.com\/agl\/crlset-tools"},{"key":"e_1_3_3_47_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7633"},{"key":"e_1_3_3_48_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.vehcom.2022.100531"},{"key":"e_1_3_3_49_2","first-page":"205","volume-title":"21st  \\(\\lbrace\\) USENIX \\(\\rbrace\\)  Security Symposium ( \\(\\lbrace\\) USENIX \\(\\rbrace\\)  Security 12)","author":"Heninger Nadia","year":"2012","unstructured":"Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2012. Mining your Ps and Qs: Detection of widespread weak keys in network devices. In 21st \\(\\lbrace\\) USENIX \\(\\rbrace\\) Security Symposium ( \\(\\lbrace\\) USENIX \\(\\rbrace\\) Security 12). 205\u2013220."},{"key":"e_1_3_3_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_3_51_2","unstructured":"IdenTrust. 1999. Online. Retrieved Jan 01 2021 from https:\/\/www.identrust.com\/"},{"key":"e_1_3_3_52_2","article-title":"Alexa Top 1,000,000 Sites","author":"Inc. Alexa Internet","year":"2011","unstructured":"Alexa Internet Inc.2011. Alexa Top 1,000,000 Sites. Online. Retrieved May 08, 2018 from http:\/\/s3.amazonaws.com\/alexa-static\/top-1m.csv.zip","journal-title":"Online"},{"issue":"71","key":"e_1_3_3_53_2","first-page":"1","article-title":"A public-key cryptosystem suitable for digital multisignatures","author":"Itakura Kazuharu","year":"1983","unstructured":"Kazuharu Itakura and Katsuhiro Nakamura. 1983. A public-key cryptosystem suitable for digital multisignatures. NEC Research & Development71 (1983), 1\u20138.","journal-title":"NEC Research & Development"},{"key":"e_1_3_3_54_2","unstructured":"ITU-T. 2021. Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER) Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). Retrieved from https:\/\/www.itu.int\/rec\/T-REC-X.690-202102-I\/en"},{"key":"e_1_3_3_55_2","first-page":"752","volume-title":"European Symposium on Research in Computer Security","author":"Jager Tibor","year":"2012","unstructured":"Tibor Jager, Sebastian Schinzel, and Juraj Somorovsky. 2012. Bleichenbacher\u2019s attack strikes again: Breaking PKCS# 1 v1. 5 in XML Encryption. In European Symposium on Research in Computer Security. Springer, 752\u2013769."},{"key":"e_1_3_3_56_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2022.3178081"},{"key":"e_1_3_3_57_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2023.3323640"},{"key":"e_1_3_3_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453100"},{"key":"e_1_3_3_59_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00015"},{"key":"e_1_3_3_60_2","article-title":"Revocation Checking And Chrome\u2019s CRL","author":"Langley Adam","year":"2012","unstructured":"Adam Langley. 2012. Revocation Checking And Chrome\u2019s CRL. Online. Retrieved Jan 01, 2021 from https:\/\/www.imperialviolet.org\/2012\/02\/05\/crlsets.html","journal-title":"Online"},{"key":"e_1_3_3_61_2","article-title":"No, don\u2019t enable revocation checking","author":"Langley Adam","year":"2014","unstructured":"Adam Langley. 2014. No, don\u2019t enable revocation checking. Online. Retrieved Jan 01, 2021 from https:\/\/www.imperialviolet.org\/2014\/04\/19\/revchecking.html","journal-title":"Online"},{"key":"e_1_3_3_62_2","article-title":"Revocation still doesn\u2019t work","author":"Langley Adam","year":"2014","unstructured":"Adam Langley. 2014. Revocation still doesn\u2019t work. Online. Retrieved Jan 01, 2021 from https:\/\/www.imperialviolet.org\/2014\/04\/29\/revocationagain.html","journal-title":"Online"},{"key":"e_1_3_3_63_2","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560594"},{"key":"e_1_3_3_64_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.17"},{"key":"e_1_3_3_65_2","doi-asserted-by":"publisher","DOI":"10.1145\/2659897"},{"key":"e_1_3_3_66_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC6962"},{"key":"e_1_3_3_67_2","article-title":"Trustwave admits crafting SSL snooping certificate","author":"Leyden John","year":"2012","unstructured":"John Leyden. 2012. Trustwave admits crafting SSL snooping certificate. Online. Retrieved May 31, 2024 from https:\/\/www.theregister.co.uk\/2012\/02\/09\/tustwave_disavows$$_mitm_digital_cert\/$","journal-title":"Online"},{"key":"e_1_3_3_68_2","doi-asserted-by":"publisher","DOI":"10.1109\/icc.2011.5962925"},{"key":"e_1_3_3_69_2","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815685"},{"key":"e_1_3_3_70_2","article-title":"On the complexity of the web\u2019s PKI: Evaluating certificate validation of mobile browsers","author":"Luo Meng","year":"2023","unstructured":"Meng Luo, Bo Feng, Long Lu, Engin Kirda, and Kui Ren. 2023. On the complexity of the web\u2019s PKI: Evaluating certificate validation of mobile browsers. IEEE Transactions on Dependable and Secure Computing 21, 1 (2023), 419\u2013433.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_3_71_2","volume-title":"Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning","author":"Lyon Gordon Fyodor","year":"2008","unstructured":"Gordon Fyodor Lyon. 2008. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure. Com LLC (US)."},{"key":"e_1_3_3_72_2","volume-title":"A Survey and Security Strength Classification of PKI Certificate Revocation Management Implementations","author":"MacMichael John L.","year":"2003","unstructured":"John L. MacMichael. 2003. A Survey and Security Strength Classification of PKI Certificate Revocation Management Implementations. Ph. D. Dissertation. Monterey, California. Naval Postgraduate School."},{"key":"e_1_3_3_73_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2015.2408597"},{"key":"e_1_3_3_74_2","first-page":"369","volume-title":"Conference on the Theory and Application of Cryptographic Techniques","author":"Merkle Ralph C","year":"1987","unstructured":"Ralph C Merkle. 1987. A digital signature based on a conventional encryption function. In Conference on the Theory and Application of Cryptographic Techniques. Springer, 369\u2013378."},{"key":"e_1_3_3_75_2","first-page":"733","volume-title":"23rd  \\(\\lbrace\\) USENIX \\(\\rbrace\\)  Security Symposium ( \\(\\lbrace\\) USENIX \\(\\rbrace\\)  Security 14)","author":"Meyer Christopher","year":"2014","unstructured":"Christopher Meyer, Juraj Somorovsky, Eugen Weiss, J\u00f6rg Schwenk, Sebastian Schinzel, and Erik Tews. 2014. Revisiting SSL\/TLS implementations: New bleichenbacher side channels and attacks. In 23rd \\(\\lbrace\\) USENIX \\(\\rbrace\\) Security Symposium ( \\(\\lbrace\\) USENIX \\(\\rbrace\\) Security 14). 733\u2013748."},{"key":"e_1_3_3_76_2","article-title":"What is Microsoft Edge Legacy?","year":"2020","unstructured":"Microsoft. 2020. What is Microsoft Edge Legacy? Online. Retrieved Jan 01, 2021 from https:\/\/support.microsoft.com\/en-us\/microsoft-edge\/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0","journal-title":"Online"},{"key":"e_1_3_3_77_2","first-page":"34","article-title":"This POODLE bites: Exploiting the SSL 3.0 fallback","volume":"21","author":"M\u00f6ller Bodo","year":"2014","unstructured":"Bodo M\u00f6ller, Thai Duong, and Krzysztof Kotowicz. 2014. This POODLE bites: Exploiting the SSL 3.0 fallback. Security Advisory 21 (2014), 34\u201358.","journal-title":"Security Advisory"},{"key":"e_1_3_3_78_2","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987446"},{"key":"e_1_3_3_79_2","article-title":"CA: Revocation Plan","year":"2014","unstructured":"Mozilla. 2014. CA: Revocation Plan. Online. Retrieved Jan 01, 2021 from https:\/\/wiki.allizom.org\/CA:RevocationPlan#OneCRL","journal-title":"Online"},{"key":"e_1_3_3_80_2","volume-title":"OneCRL Tools","year":"2017","unstructured":"Mozilla 2017. OneCRL Tools. Retrieved May 01, 2022 from https:\/\/github.com\/mozilla\/OneCRL-Tools"},{"key":"e_1_3_3_81_2","article-title":"Mozilla Security Blog","year":"2020","unstructured":"Mozilla. 2020. Mozilla Security Blog. Online. Retrieved Jan 01, 2021 from https:\/\/blog.mozilla.org\/security\/2020\/12\/01\/crlite-part-4-infrastructure-design\/","journal-title":"Online"},{"key":"e_1_3_3_82_2","doi-asserted-by":"crossref","unstructured":"Michael Myers Rich Ankney Ambarish Malpani Slava Galperin and Carlisle Adams. 1999. RFC2560: X. 509 internet public key infrastructure online certificate status protocol-OCSP. RFC Editor.","DOI":"10.17487\/rfc2560"},{"key":"e_1_3_3_83_2","doi-asserted-by":"publisher","DOI":"10.1109\/49.839932"},{"issue":"1","key":"e_1_3_3_84_2","first-page":"430","article-title":"Deflate compression algorithm","volume":"4","author":"Oswal Savan","year":"2016","unstructured":"Savan Oswal, Anjali Singh, and Kirthi Kumari. 2016. Deflate compression algorithm. International Journal of Engineering Research and General Science 4, 1 (2016), 430\u2013436.","journal-title":"International Journal of Engineering Research and General Science"},{"key":"e_1_3_3_85_2","article-title":"Binary diff\/patch utility","author":"Percival Colin","year":"2003","unstructured":"Colin Percival. 2003. Binary diff\/patch utility. URL: http:\/\/www.daemonology.net\/bsdiff (2003).","journal-title":"URL:"},{"key":"e_1_3_3_86_2","volume-title":"SSL and TLS: designing and building secure systems","author":"Rescorla Eric","year":"2001","unstructured":"Eric Rescorla. 2001. SSL and TLS: designing and building secure systems. Vol. 1. Addison-Wesley Reading."},{"key":"e_1_3_3_87_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8446"},{"key":"e_1_3_3_88_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5246"},{"key":"e_1_3_3_89_2","article-title":"Security Protocol and Data Model (SPDM) Specification","author":"Andersen Lee Ballard Steven Bellock Heng Cai Patrick Caporale Yu-Yuan Chen Andrew Draper Nigel Edwards Richelle Ahlvers, Jeff","year":"2023","unstructured":"Lee Ballard Steven Bellock Heng Cai Patrick Caporale Yu-Yuan Chen Andrew Draper Nigel Edwards Richelle Ahlvers, Jeff Andersen. 2023. Security Protocol and Data Model (SPDM) Specification. DSP0274. Retrieved from https:\/\/www.dmtf.org\/sites\/default\/files\/standards\/documents\/DSP0274_1.3.0.pdf","journal-title":"DSP0274"},{"key":"e_1_3_3_90_2","article-title":"PHONY SSL CERTIFICATES ISSUED FOR GOOGLE, YAHOO, SKYPE, OTHERS","author":"Roberts Paul","year":"2011","unstructured":"Paul Roberts. 2011. PHONY SSL CERTIFICATES ISSUED FOR GOOGLE, YAHOO, SKYPE, OTHERS. Online. Retrieved May 31, 2024 from https:\/\/threatpost.com\/phony-ssl-certificates-issued-google-yahoo-skype-others-032311\/75061\/","journal-title":"Online"},{"key":"e_1_3_3_91_2","article-title":"How do browsers handle revoked SSL\/TLS certificates?","author":"Russell Aaron","year":"2021","unstructured":"Aaron Russell. 2021. How do browsers handle revoked SSL\/TLS certificates? Online. Retrieved Jan 01, 2021 from https:\/\/www.ssl.com\/blogs\/how-do-browsers-handle-revoked-ssl-tls-certificates\/","journal-title":"Online"},{"key":"e_1_3_3_92_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23379"},{"key":"e_1_3_3_93_2","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.7524"},{"key":"e_1_3_3_94_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40453-5_28"},{"key":"e_1_3_3_95_2","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660376"},{"key":"e_1_3_3_96_2","unstructured":"Sectigo. 1998. Online. Retrieved Jan 01 2021 from https:\/\/sectigo.com\/"},{"key":"e_1_3_3_97_2","first-page":"74","volume-title":"International Workshop on Selected Areas in Cryptography","author":"Sepehrdad Pouyan","year":"2010","unstructured":"Pouyan Sepehrdad, Serge Vaudenay, and Martin Vuagnoux. 2010. Discovery and exploitation of new biases in RC4. In International Workshop on Selected Areas in Cryptography. Springer, 74\u201391."},{"key":"e_1_3_3_98_2","doi-asserted-by":"publisher","DOI":"10.1109\/.2006.1629442"},{"key":"e_1_3_3_99_2","volume-title":"27th Annual Network and Distributed System Security Symposium, NDSS","author":"Smith Trevor","year":"2020","unstructured":"Trevor Smith, Luke Dickinson, and Kent Seamons. 2020. Let\u2019s revoke: Scalable global certificate revocation. In 27th Annual Network and Distributed System Security Symposium, NDSS."},{"key":"e_1_3_3_100_2","first-page":"250","volume-title":"International Conference on Financial Cryptography and Data Security","author":"Soghoian Christopher","year":"2011","unstructured":"Christopher Soghoian and Sid Stamm. 2011. Certified lies: Detecting and defeating government interception attacks against SSL (short paper). In International Conference on Financial Cryptography and Data Security. Springer, 250\u2013259."},{"key":"e_1_3_3_101_2","article-title":"DV, OV, IV, and EV Certificates","year":"2020","unstructured":"SSL.com. 2020. DV, OV, IV, and EV Certificates. Online. Retrieved Jan 01, 2021 from https:\/\/www.ssl.com\/article\/dv-ov-and-ev-certificates\/","journal-title":"Online"},{"key":"e_1_3_3_102_2","article-title":"Second firm warns of concern after Dutch hack","author":"Sterling Toby","year":"2011","unstructured":"Toby Sterling. 2011. Second firm warns of concern after Dutch hack. Online. Retrieved May 31, 2024 from https:\/\/www.smh.com.au\/technology\/second-firm-warns-of-concern-after-dutch-hack-20110831-1jm4f.html","journal-title":"Online"},{"key":"e_1_3_3_103_2","article-title":"MS01-017: Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard","author":"support Microsoft","year":"2013","unstructured":"Microsoft support. 2013. MS01-017: Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard. Online. Retrieved May 31, 2024 from https:\/\/www.rapid7.com\/db\/vulnerabilities\/WINDOWS-HOTFIX-MS01-017","journal-title":"Online"},{"key":"e_1_3_3_104_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2016.91"},{"key":"e_1_3_3_105_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2011.031611.00024"},{"key":"e_1_3_3_106_2","unstructured":"Emin Topalovic Brennan Saeta Lin-Shung Huang Collin Jackson and Dan Boneh. 2012. Towards short-lived certificates. In Proceedings of the IEEE Workshop on Web 2.0 Security and Privacy (W2SP). 1\u20139."},{"key":"e_1_3_3_107_2","article-title":"Google boots China\u2019s main digital certificate authority CNNIC","author":"Tung Liam","year":"2015","unstructured":"Liam Tung. 2015. Google boots China\u2019s main digital certificate authority CNNIC. Online. Retrieved May 31, 2024 from https:\/\/www.zdnet.com\/article\/google-banishes-chinas-main-digital-certificate-authority-cnnic\/","journal-title":"Online"},{"key":"e_1_3_3_108_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICICSE.2009.19"},{"key":"e_1_3_3_109_2","article-title":"Blockchain-based certificate transparency and revocation transparency","author":"Wang Ze","year":"2020","unstructured":"Ze Wang, Jingqiang Lin, Quanwei Cai, Qiongxiao Wang, Daren Zha, and Jiwu Jing. 2020. Blockchain-based certificate transparency and revocation transparency. IEEE Transactions on Dependable and Secure Computing 19, 1 (2020), 681\u2013697.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_3_110_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-01244-0_38"},{"key":"e_1_3_3_111_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2017.240"},{"key":"e_1_3_3_112_2","doi-asserted-by":"publisher","DOI":"10.1145\/357744.357892"},{"key":"e_1_3_3_113_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2889898"},{"key":"e_1_3_3_114_2","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644896"},{"key":"e_1_3_3_115_2","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663758"},{"key":"e_1_3_3_116_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-021-00572-5"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3785653","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T14:20:12Z","timestamp":1770128412000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3785653"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,3]]},"references-count":115,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2026,5,31]]}},"alternative-id":["10.1145\/3785653"],"URL":"https:\/\/doi.org\/10.1145\/3785653","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,3]]},"assertion":[{"value":"2023-02-21","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-16","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-02-03","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}