In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements

In recent years, multiple security incidents involving Certificate Authority (CA) misconduct have demonstrated the need for strengthened certificate issuance processes. Certificate Transparency (CT) logs make certificate issuance publicly traceable and auditable.
