Rusted anchors: A national client-side view of hidden root CAs in the web PKI ecosystem
HTTPS secures communications in the web and heavily relies on the Web PKI for
authentication. In the Web PKI, Certificate Authorities (CAs) are organizations that provide …
authentication. In the Web PKI, Certificate Authorities (CAs) are organizations that provide …
Stale TLS certificates: investigating precarious third-party access to valid TLS keys
Certificate authorities enable TLS server authentication by generating certificates that attest
to the mapping between a domain name and a cryptographic keypair, for up to 398 days …
to the mapping between a domain name and a cryptographic keypair, for up to 398 days …
On the complexity of the Web's PKI: Evaluating certificate validation of mobile browsers
Digital certificates are frequently used to secure communications between users and web
servers. Critical to the Web's PKI is the secure validation of digital certificates. Nonetheless …
servers. Critical to the Web's PKI is the secure validation of digital certificates. Nonetheless …
Tracing your roots: exploring the TLS trust anchor ecosystem
Secure TLS server authentication depends on reliable trust anchors. The fault intolerant
design of today's system---where a single compromised trust anchor can impersonate nearly …
design of today's system---where a single compromised trust anchor can impersonate nearly …
How to Measure TLS, X. 509 Certificates, and Web PKI: A Tutorial and Brief Survey
PF Tehrani, E Osterweil, TC Schmidt… - arXiv preprint arXiv …, 2024 - arxiv.org
Transport Layer Security (TLS) is the base for many Internet applications and services to
achieve end-to-end security. In this paper, we provide guidance on how to measure TLS …
achieve end-to-end security. In this paper, we provide guidance on how to measure TLS …
A compliance-based ranking of certificate authorities using probabilistic approaches
The security of the global Certification Authority (CA) system has recently been
compromised as a result of attacks on the Public Key Infrastructure (PKI). Although the …
compromised as a result of attacks on the Public Key Infrastructure (PKI). Although the …
No Root Store Left Behind
When a root certificate authority (CA) in the Web PKI misbehaves, primary root-store
operators such as Mozilla and Google respond by distrusting that CA. However, full distrust …
operators such as Mozilla and Google respond by distrusting that CA. However, full distrust …
[PDF][PDF] An Internet-wide View on HTTPS Certificate Revocations: Observing the Revival of CRLs via Active TLS Scans
A global decentral Public Key Infrastructure (PKI) is a key element of trusted and secure
communication over the Internet. Such a PKI enables trust inference through digital …
communication over the Internet. Such a PKI enables trust inference through digital …
Armored Core of PKI: Remove Signing Keys for CA via Physically Unclonable Function
X Zhang, C Chen, K Qin, C Zhang, S Qu… - arXiv preprint arXiv …, 2024 - arxiv.org
The protection of CA's signing keys is one of the most crucial security concerns in PKI.
However, these keys can still be exposed today by human errors or various carefully …
However, these keys can still be exposed today by human errors or various carefully …
On the Centralization and Regionalization of the Web
G Akiwate, K Ruth, R Habib, Z Durumeric - arXiv preprint arXiv …, 2024 - arxiv.org
Over the past decade, Internet centralization and its implications for both people and the
resilience of the Internet has become a topic of active debate. While the networking …
resilience of the Internet has become a topic of active debate. While the networking …