{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,9,1]],"date-time":"2023-09-01T22:25:23Z","timestamp":1693607123482},"reference-count":77,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2021,7,23]],"date-time":"2021-07-23T00:00:00Z","timestamp":1626998400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>HTTPS is a cornerstone of privacy in the modern Web. The public key infrastructure underlying HTTPS, however, is a frequent target of attacks. In several cases, forged certificates have been issued by compromised Certificate Authorities (CA) and used to spy on users at large scale. While the concept of Certificate Transparency (CT) provides a means for detecting such forgeries, it builds on a distributed system of CT logs whose correctness is still insufficiently protected. By compromising a certificate authority and the corresponding log, a covert adversary can still issue rogue certificates unnoticed.<\/jats:p>\n               <jats:p>We introduce LogPicker, a novel protocol for strengthening the public key infrastructure of HTTPS. LogPicker enables a pool of CT logs to collaborate, where a randomly selected log includes the certificate while the rest witness and testify the certificate issuance process. As a result, CT logs become capable of auditing the log in charge independently without the need for a trusted third party. This auditing forces an attacker to control each participating witness, which significantly raises the bar for issuing rogue certificates. LogPicker is efficient and designed to be deployed incrementally, allowing a smooth transition towards a more secure Web.<\/jats:p>","DOI":"10.2478\/popets-2021-0066","type":"journal-article","created":{"date-parts":[[2021,7,24]],"date-time":"2021-07-24T23:22:39Z","timestamp":1627168959000},"page":"184-202","source":"Crossref","is-referenced-by-count":1,"title":["LogPicker: Strengthening Certificate Transparency Against Covert Adversaries"],"prefix":"10.56553","volume":"2021","author":[{"given":"Alexandra","family":"Dirksen","sequence":"first","affiliation":[{"name":"TU Braunschweig"}]},{"given":"David","family":"Klein","sequence":"additional","affiliation":[{"name":"TU Braunschweig"}]},{"given":"Robert","family":"Michael","sequence":"additional","affiliation":[{"name":"TU Braunschweig"}]},{"given":"Tilman","family":"Stehr","sequence":"additional","affiliation":[]},{"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[{"name":"TU Braunschweig"}]},{"given":"Martin","family":"Johns","sequence":"additional","affiliation":[{"name":"TU Braunschweig"}]}],"member":"35752","published-online":{"date-parts":[[2021,7,23]]},"reference":[{"key":"2022060521165021462_j_popets-2021-0066_ref_001","unstructured":"[1] 2016. Secure Logging Schemes and Certificate Transparency. Computer Security \u2013 ESORICS 2016. ESORICS 2016. Lecture Notes in Computer Science (2016)."},{"key":"2022060521165021462_j_popets-2021-0066_ref_002","unstructured":"[2] 2019. How Certificate Transparency Works. https:\/\/www.certificate-transparency.org\/how-ct-works"},{"key":"2022060521165021462_j_popets-2021-0066_ref_003","unstructured":"[3] 2020. CA\/Browser Forum. https:\/\/cabforum.org\/"},{"key":"2022060521165021462_j_popets-2021-0066_ref_004","unstructured":"[4] 2020. CT2 Log Compromised via Salt Vulnerability. https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!topic\/ct-policy\/aKNbZuJzwfM"},{"key":"2022060521165021462_j_popets-2021-0066_ref_005","unstructured":"[5] Apple. 2019. Apple\u2019s Certificate Transparency policy. https:\/\/support.apple.com\/en-us\/HT205280"},{"key":"2022060521165021462_j_popets-2021-0066_ref_006","unstructured":"[6] Apple. 2020. List of available trusted root certificates in iOS 12, macOS 10.14, watchOS 5, and tvOS 12. https:\/\/support.apple.com\/de-de\/HT209144"},{"key":"2022060521165021462_j_popets-2021-0066_ref_007","unstructured":"[7] D. F. Aranha, C. P. L. Gouv\u00eaa, T. Markmann, R. S. Wahby, and K. Liao. [n. d.]. RELIC is an Efficient LIbrary for Cryptography. https:\/\/github.com\/relic-toolkit\/relic."},{"key":"2022060521165021462_j_popets-2021-0066_ref_008","doi-asserted-by":"crossref","unstructured":"[8] Yonatan Aumann and Yehuda Lindell. 2010. Security against covert adversaries: Efficient protocols for realistic adversaries. Journal of Cryptology 23, 2 (2010), 281\u2013343.","DOI":"10.1007\/s00145-009-9040-7"},{"key":"2022060521165021462_j_popets-2021-0066_ref_009","unstructured":"[9] Andrew Ayer. 2018. How will Certificate Transparency Logs be Audited in Practice? https:\/\/www.agwa.name\/blog\/post\/how_will_certificate_transparency_logs_be_audited_in_practice"},{"key":"2022060521165021462_j_popets-2021-0066_ref_010","unstructured":"[10] Andrew Ayer. 2018. Timeline of Certificate Authority Failures. https:\/\/sslmate.com\/certspotter\/failures"},{"key":"2022060521165021462_j_popets-2021-0066_ref_011","unstructured":"[11] David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, and Pawel Szalachowski. 2014. ARPKI: Attack Resilient Public-Key Infrastructure. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS \u201914 (2014)."},{"key":"2022060521165021462_j_popets-2021-0066_ref_012","doi-asserted-by":"crossref","unstructured":"[12] Enrico Bocchi, Luca De Cicco, and Dario Rossi. 2016. Measuring the quality of experience of web users. Computer Communication Review 46, 4 (2016), 8\u201313.","DOI":"10.1145\/3027947.3027949"},{"key":"2022060521165021462_j_popets-2021-0066_ref_013","doi-asserted-by":"crossref","unstructured":"[13] Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham. 2003. Aggregate and verifiably encrypted signatures from bilinear maps. In International Conference on the Theory and Applications of Cryptographic Techniques.10.1007\/3-540-39200-9_26","DOI":"10.1007\/3-540-39200-9_26"},{"key":"2022060521165021462_j_popets-2021-0066_ref_014","doi-asserted-by":"crossref","unstructured":"[14] Matthieu Bussiere and Marcel Fratzscher. 2008. Low probability, high impact: Policy making and extreme events. Journal of Policy Modeling 30, 1 (2008), 111\u2013121.","DOI":"10.1016\/j.jpolmod.2007.03.007"},{"key":"2022060521165021462_j_popets-2021-0066_ref_015","unstructured":"[15] Sergej Chernov. 2015. Implement Certificate Transparency support (RFC 6962). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1281469"},{"key":"2022060521165021462_j_popets-2021-0066_ref_016","doi-asserted-by":"crossref","unstructured":"[16] Laurent Chuat, Pawel Szalachowski, Adrian Perrig, Ben Laurie, and Eran Messeri. 2015. Efficient gossip protocols for verifying the consistency of Certificate logs. 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015 (2015).10.1109\/CNS.2015.7346853","DOI":"10.1109\/CNS.2015.7346853"},{"key":"2022060521165021462_j_popets-2021-0066_ref_017","doi-asserted-by":"crossref","unstructured":"[17] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard).10.17487\/rfc5280","DOI":"10.17487\/rfc5280"},{"key":"2022060521165021462_j_popets-2021-0066_ref_018","unstructured":"[18] Peter Eckersley. 2012. Sovereign Key Cryptography for Internet Domains. Technical Report."},{"key":"2022060521165021462_j_popets-2021-0066_ref_019","unstructured":"[19] C. Evans and C. Palmer. 2011. Public Key Pinning Extension for HTTP. https:\/\/datatracker.ietf.org\/doc\/rfc7469\/"},{"key":"2022060521165021462_j_popets-2021-0066_ref_020","unstructured":"[20] C. Evans, C. Palmer, and R. Sleevi. 1993. RFC1464: Using the Domain Name System To Store Arbitrary String Attributes. IETF RFC (1993). https:\/\/doi.org\/10.17487\/RFC746910.17487\/RFC7469"},{"key":"2022060521165021462_j_popets-2021-0066_ref_021","unstructured":"[21] CA\/Browser Forum. 2019. Guidelines For The Issuance And Management Of Extended Validation Certificates. cabforum.org. https:\/\/cabforum.org\/wp-content\/uploads\/CABrowser-Forum-EV-Guidelines-v1.7.1.pdf."},{"key":"2022060521165021462_j_popets-2021-0066_ref_022","unstructured":"[22] CA\/Browser Forum. 2020. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. cabforum.org. https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-BR-1.6.8.pdf."},{"key":"2022060521165021462_j_popets-2021-0066_ref_023","unstructured":"[23] Eva Galperin, Seth Schoen, and Peter Eckersley. 2013. A Post Mortem on the Iranian DigiNotar Attack. https:\/\/www.eff.org\/de\/deeplinks\/2011\/09\/post-mortem-iranian-diginotar-attack"},{"key":"2022060521165021462_j_popets-2021-0066_ref_024","unstructured":"[24] Artyom Gavrichenkov. 2015. Breaking HTTPS with BGP hijacking. Black Hat. Briefings (2015)."},{"key":"2022060521165021462_j_popets-2021-0066_ref_025","unstructured":"[25] Oded Goldreich. 2006. Foundations of Cryptography: Volume 1. Cambridge University Press, USA."},{"key":"2022060521165021462_j_popets-2021-0066_ref_026","unstructured":"[26] Google. 2020. Certificate Transparency - Known Logs. https:\/\/www.certificate-transparency.org\/known-logs"},{"key":"2022060521165021462_j_popets-2021-0066_ref_027","unstructured":"[27] Google. 2020. Google Root Store: 2020-10-21 - Proposed. https:\/\/docs.google.com\/spreadsheets\/d\/e\/2PACX-1vQ7Jtb4NxCSaEtCaisz2u3NQZcHejDUjI3Q-utBnLC5E7w4crv6QZ9GRDb2bFGbLgUQsgQyF0Y8eoN\/pubhtml"},{"key":"2022060521165021462_j_popets-2021-0066_ref_028","unstructured":"[28] Google. 2020. Transparency report: HTTPS encryption on the web (2020-01-23). https:\/\/transparencyreport.google.com\/https\/overview?hl=en"},{"key":"2022060521165021462_j_popets-2021-0066_ref_029","doi-asserted-by":"crossref","unstructured":"[29] Charles Miller Grinstead and James Laurie Snell. 2012. Introduction to probability. American Mathematical Soc.10.1090\/stml\/057","DOI":"10.1090\/stml\/057"},{"key":"2022060521165021462_j_popets-2021-0066_ref_030","doi-asserted-by":"crossref","unstructured":"[30] P. Hallam-Baker and R. Stradling. 2013. RFC6844: NS Certification Authority Authorization (CAA) Resource Record. IETF RFC (2013).10.17487\/rfc6844","DOI":"10.17487\/rfc6844"},{"key":"2022060521165021462_j_popets-2021-0066_ref_031","unstructured":"[31] B. Hof. 2017. STH Cross Logging. IETF RFC draft (2017). https:\/\/tools.ietf.org\/id\/draft-hof-trans-cross-00.html"},{"key":"2022060521165021462_j_popets-2021-0066_ref_032","doi-asserted-by":"crossref","unstructured":"[32] P. Hoffman and J. Schlyter. 2012. RFC6698: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. IETF RFC (2012).10.17487\/rfc6698","DOI":"10.17487\/rfc6698"},{"key":"2022060521165021462_j_popets-2021-0066_ref_033","unstructured":"[33] R. Housley and K. O\u2019Donoghue. 2017. Problems with the Public Key Infrastructure (PKI) for the World Wide Web. IETF Draft (2017). https:\/\/tools.ietf.org\/html\/draft-iabweb-pki-problems-01"},{"key":"2022060521165021462_j_popets-2021-0066_ref_034","unstructured":"[34] David Huang and Brad Hill. 2016. Early Impacts of Certificate Transparency. https:\/\/www.facebook.com\/notes\/protect-the-graph\/early-impacts-of-certificate-transparency\/1709731569266987\/"},{"key":"2022060521165021462_j_popets-2021-0066_ref_035","unstructured":"[35] Kazakhtelecom JSC. 2015. Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016. https:\/\/web.archive.org\/web\/20151202203337\/ http:\/\/telecom.kz\/en\/news\/view\/18729\/"},{"key":"2022060521165021462_j_popets-2021-0066_ref_036","doi-asserted-by":"crossref","unstructured":"[36] J. Katz and Y. Lindell. 2014. Introduction to Modern Cryptography, Second Edition. Taylor & Francis.10.1201\/b17668","DOI":"10.1201\/b17668"},{"key":"2022060521165021462_j_popets-2021-0066_ref_037","unstructured":"[37] S Kent. 2018. Attack and Threat Model for Certificate Transparency. Internet Engineering Task Force (2018)."},{"key":"2022060521165021462_j_popets-2021-0066_ref_038","doi-asserted-by":"crossref","unstructured":"[38] Leslie Lamport, Robert Shostak, and Marshall Pease. 1982. The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems (1982), 382\u2013401.","DOI":"10.1145\/357172.357176"},{"key":"2022060521165021462_j_popets-2021-0066_ref_039","unstructured":"[39] Adam Langley. 2013. Fraudulent Digital Certificates Could Allow Spoofing. https:\/\/security.googleblog.com\/2013\/01\/enhancing-digital-certificate-security.html"},{"key":"2022060521165021462_j_popets-2021-0066_ref_040","unstructured":"[40] Adam Langley. 2013. Further improving digital certificate security. https:\/\/security.googleblog.com\/2013\/12\/further-improving-digital-certificate.html"},{"key":"2022060521165021462_j_popets-2021-0066_ref_041","doi-asserted-by":"crossref","unstructured":"[41] Ben Laurie. 2014. Certificate Transparency. ACM Queue 8 (2014).10.1145\/2668152.2668154","DOI":"10.1145\/2668152.2668154"},{"key":"2022060521165021462_j_popets-2021-0066_ref_042","doi-asserted-by":"crossref","unstructured":"[42] Ben Laurie and Emilia Kasper. 2012. Revocation transparency. Google Research, September (2012).10.17487\/rfc6962","DOI":"10.17487\/rfc6962"},{"key":"2022060521165021462_j_popets-2021-0066_ref_043","doi-asserted-by":"crossref","unstructured":"[43] B. Laurie, A. Langley, and E. Kasper. 2013. RFC6962: Certificate Transparency. IETF RFC (2013).10.17487\/rfc6962","DOI":"10.17487\/rfc6962"},{"key":"2022060521165021462_j_popets-2021-0066_ref_044","unstructured":"[44] Bingyu Li, Jingqiang Lin, Fengjun Li, Qiongxiao Wang, Qi Li, Jiwu Jing, and Congli Wang. 2019. Certificate transparency in the wild: Exploring the reliability of monitors. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security."},{"key":"2022060521165021462_j_popets-2021-0066_ref_045","doi-asserted-by":"crossref","unstructured":"[45] Wouter Lueks and Ian Goldberg. 2015. Sublinear Scaling for Multi-Client Private Information Retrieval. In Financial Cryptography and Data Security, Rainer B\u00f6hme and Tatsuaki Okamoto (Eds.). 168\u2013186.","DOI":"10.1007\/978-3-662-47854-7_10"},{"key":"2022060521165021462_j_popets-2021-0066_ref_046","unstructured":"[46] Gervase Markham. 2016. Incidents involving the CA WoSign. https:\/\/groups.google.com\/forum\/#!topic\/mozilla.dev.security.policy\/k9PBmyLCi8I%5B1-25%5D"},{"key":"2022060521165021462_j_popets-2021-0066_ref_047","unstructured":"[47] M. Marlinspike and T. Perrin. 2013. Trust Assertions for Certificate Keys. IETF Draft (2013)."},{"key":"2022060521165021462_j_popets-2021-0066_ref_048","unstructured":"[48] Mozilla. 2019. Mozilla takes action to protect users in Kazakhstan. https:\/\/blog.mozilla.org\/blog\/2019\/08\/21\/mozilla-takes-action-to-protect-users-in-kazakhstan\/"},{"key":"2022060521165021462_j_popets-2021-0066_ref_049","unstructured":"[49] Johnathan Nightingale. 2011. Revoking Trust in DigiCert Sdn. Bhd Intermediate Certificate Authority. https:\/\/blog.mozilla.org\/security\/2011\/11\/03\/revoking-trust-in-digicertsdn-bhd-intermediate-certificate-authority\/"},{"key":"2022060521165021462_j_popets-2021-0066_ref_050","unstructured":"[50] L. Nordberg, D. Gillmor, and T. Ritter. 2018. Gossiping in CT. IETF Draft (2018). https:\/\/tools.ietf.org\/html\/draft-ietf-trans-gossip-05"},{"key":"2022060521165021462_j_popets-2021-0066_ref_051","unstructured":"[51] Devon O\u2019Brien. 2018. Certificate Transparency Enforcement in Chrome and CT Day in London. https:\/\/groups.google.com\/a\/chromium.org\/d\/msg\/ct-policy\/Qqr59r6yn1A\/2t0bWblZBgAJ"},{"key":"2022060521165021462_j_popets-2021-0066_ref_052","unstructured":"[52] Devon O\u2019Brien. 2020. Chrome CT 2020 Plans. https:\/\/groups.google.com\/a\/chromium.org\/g\/ct-policy\/c\/dqFtoFBy8YU\/m\/Xa67FWVCEgAJ"},{"key":"2022060521165021462_j_popets-2021-0066_ref_053","unstructured":"[53] Lukasz Olejnik, Claude Castelluccia, and Artur Janc. 2012. Why Johnny Can\u2019t Browse in Peace: On the Uniqueness of Web Browsing History Patterns. In 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2012). Vigo, Spain. https:\/\/hal.inria.fr\/hal-00747841"},{"key":"2022060521165021462_j_popets-2021-0066_ref_054","doi-asserted-by":"crossref","unstructured":"[54] Rolf Oppliger. 2014. Certification authorities under attack: A plea for certificate legitimation. IEEE Internet Computing (2014).10.1109\/MIC.2013.5","DOI":"10.1109\/MIC.2013.5"},{"key":"2022060521165021462_j_popets-2021-0066_ref_055","doi-asserted-by":"crossref","unstructured":"[55] Serguei Popov. 2017. On a decentralized trustless pseudo-random number generation algorithm. Journal of Mathematical Cryptology (2017).10.1515\/jmc-2016-0019","DOI":"10.1515\/jmc-2016-0019"},{"key":"2022060521165021462_j_popets-2021-0066_ref_056","unstructured":"[56] J.R. Prins. 2011. DigiNotar Certificate Authority breach \u201cOperation Black Tulip\u201d. Technical Report. Fox-IT, Delft."},{"key":"2022060521165021462_j_popets-2021-0066_ref_057","unstructured":"[57] Ram Sundara Raman, Leonid Evdokimov, Eric Wurstrow, J Alex Halderman, and Roya Ensafi. 2020. Investigating Large Scale HTTPS Interception in Kazakhstan. In Proceedings of the ACM Internet Measurement Conference. 125\u2013132."},{"key":"2022060521165021462_j_popets-2021-0066_ref_058","unstructured":"[58] Tom Ritter. 2016. a bit on certificate transparency gossip. https:\/\/ritter.vg\/blog-a_bit_on_certificate_transparency_gossip.html"},{"key":"2022060521165021462_j_popets-2021-0066_ref_059","doi-asserted-by":"crossref","unstructured":"[59] Mark D. Ryan. 2014. Enhanced Certificate Transparency and End-to-End Encrypted Mail. In Proceedings 2014 Network and Distributed System Security Symposium. Internet Society. https:\/\/doi.org\/10.14722\/ndss.2014.2337910.14722\/ndss.2014.23379","DOI":"10.14722\/ndss.2014.23379"},{"key":"2022060521165021462_j_popets-2021-0066_ref_060","doi-asserted-by":"crossref","unstructured":"[60] S. Santesson, M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. 2013. RFC6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol- OCSP. IETF RFC (2013). https:\/\/tools.ietf.org\/html\/rfc6960","DOI":"10.17487\/rfc6960"},{"key":"2022060521165021462_j_popets-2021-0066_ref_061","unstructured":"[61] Seht Schoen. 2015. Please support wildcard certificates [Online discussion group]. https:\/\/community.letsencrypt.org\/t\/please-support-wildcard-certificates\/258\/19"},{"key":"2022060521165021462_j_popets-2021-0066_ref_062","unstructured":"[62] Ryan Sleevi. 2016. Announcement: Requiring Certificate Transparency in 2017. https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!msg\/ct-policy\/78N3SMcqUGw\/ykIwHXuqAQAJ"},{"key":"2022060521165021462_j_popets-2021-0066_ref_063","unstructured":"[63] Ryan Sleevi. 2016. Certificate Transparency in Chrome. Technical Report. https:\/\/groups.google.com\/g\/mozilla.dev.security.policy\/c\/VJYX1Wnnhiw\/m\/ecenP98wBgAJ"},{"key":"2022060521165021462_j_popets-2021-0066_ref_064","unstructured":"[64] Ryan Sleevi and Eran Messeri. 2017. Certificate Transparency in Chrome: Monitoring CT logs consistency. Technical Report. Google. https:\/\/docs.google.com\/document\/d\/1FP5J5Sfsg0OR9P4YT0q1dM02iavhi8ix1mZlZe_z-ls\/edit"},{"key":"2022060521165021462_j_popets-2021-0066_ref_065","doi-asserted-by":"crossref","unstructured":"[65] Christopher Soghoian and Sid Stamm. 2010. Certified Lies: Detecting and defeating government interception attacks against SSL. In Proceedings of ACM Symposium on Operating Systems Principles. 1\u201318.10.2139\/ssrn.1591033","DOI":"10.2139\/ssrn.1591033"},{"key":"2022060521165021462_j_popets-2021-0066_ref_066","unstructured":"[66] Stephan Somogyi. 2015. Improved Digital Certificate Security. https:\/\/security.googleblog.com\/2015\/09\/improved-digital-certificate-security.html"},{"key":"2022060521165021462_j_popets-2021-0066_ref_067","doi-asserted-by":"crossref","unstructured":"[67] Sooel Son and Vitaly Shmatikov. 2010. The hitchhiker\u2019s guide to DNS cache poisoning. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (2010).10.1007\/978-3-642-16161-2_27","DOI":"10.1007\/978-3-642-16161-2_27"},{"key":"2022060521165021462_j_popets-2021-0066_ref_068","unstructured":"[68] Nick Sullivan. 2018. Introducing Certificate Transparency and Nimbus. https:\/\/blog.cloudflare.com\/introducing-certificate-transparency-and-nimbus\/"},{"key":"2022060521165021462_j_popets-2021-0066_ref_069","doi-asserted-by":"crossref","unstructured":"[69] Ewa Syta, Philipp Jovanovic, Eleftherios Kokoris Kogias, and Nicolas Gailly. 2017. Scalable Bias-Resistant Distributed Randomness. In 2017 IEEE Symposium on Security and Privacy.10.1109\/SP.2017.45","DOI":"10.1109\/SP.2017.45"},{"key":"2022060521165021462_j_popets-2021-0066_ref_070","doi-asserted-by":"crossref","unstructured":"[70] Ewa Syta, Iulia Tamas, Dylan Visher, David Isaac Wolinsky, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khoffi, and Bryan Ford. 2016. Keeping Authorities \u2018Honest or Bust\u2019 with Decentralized Witness Cosigning. In 2016 IEEE Symposium on Security and Privacy. 526\u2013545.10.1109\/SP.2016.38","DOI":"10.1109\/SP.2016.38"},{"key":"2022060521165021462_j_popets-2021-0066_ref_071","doi-asserted-by":"crossref","unstructured":"[71] Tom Van Goethem, Ping Chen, Nick Nikiforakis, Lieven Desmet, and Wouter Joosen. 2017. Large-scale security analysis of the web: Challenges and findings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 8564 LNCS (2017), 110\u2013126.","DOI":"10.1007\/978-3-319-08593-7_8"},{"key":"2022060521165021462_j_popets-2021-0066_ref_072","unstructured":"[72] Jeremy Wagner. 2020. Why Performance Matters. https:\/\/developers.google.com\/web\/fundamentals\/performance\/why-performance-matters"},{"key":"2022060521165021462_j_popets-2021-0066_ref_073","unstructured":"[73] Dan Wendlandt, David G. Andersen, and Adrian Perrig. 2008. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. USENIX Annual Technical Conference (2008)."},{"key":"2022060521165021462_j_popets-2021-0066_ref_074","doi-asserted-by":"crossref","unstructured":"[74] Jiangshan Yu, Vincent Cheval, and Mark Ryan. 2016. DTKI: A new formalized PKI with verifiable trusted parties. (2016), 1695\u20131713.","DOI":"10.1093\/comjnl\/bxw039"},{"key":"2022060521165021462_j_popets-2021-0066_ref_075","unstructured":"[75] Jiangshan Yu and Mark Ryan. 2017. Evaluating Web PKIs. Software Architecture for Big Data and the Cloud (2017)."},{"key":"2022060521165021462_j_popets-2021-0066_ref_076","unstructured":"[76] Bryant Zadegan and Ryan Lester. 2016. Abusing Bleeding Edge Web Standards for AppSec Glory. In DEF CON 24."},{"key":"2022060521165021462_j_popets-2021-0066_ref_077","doi-asserted-by":"crossref","unstructured":"[77] Torsten Zimmermann, Jan Ruth, Benedikt Wolters, and Oliver Hohlfeld. 2017. How HTTP\/2 pushes the web: An empirical study of HTTP\/2 server push. In 2017 IFIP Networking Conference, IFIP Networking 2017 and Workshops.10.23919\/IFIPNetworking.2017.8264830","DOI":"10.23919\/IFIPNetworking.2017.8264830"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2021-0066","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:31:41Z","timestamp":1658334701000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2021\/popets-2021-0066.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,23]]},"references-count":77,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,7,23]]},"published-print":{"date-parts":[[2021,10,1]]}},"alternative-id":["10.2478\/popets-2021-0066"],"URL":"https:\/\/doi.org\/10.2478\/popets-2021-0066","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7,23]]}}}