Conference papers

Web PKI: Closing the Gap between Guidelines and Practices

Abstract : A string of recent attacks against the global public key infrastructure (PKI) has brought to light weaknesses in the certification authority (CA) system. In response, the CA/Browser Forum, a consortium of certification authorities and browser vendors, published in 2011 a set of requirements applicable to all certificates intended for use on the Web and issued after July 1st, 2012, following the successful adoption of the extended validation guidelines in 2007. We evaluate the actual level of adherence to the CA/Browser Forum guidelines over time, as well as the impact of each violation, by inspecting a large collection of certificates gathered from Web crawls. We further refine our analysis by automatically deriving profile templates that characterize the makeup of certificates per issuer. By integrating these templates with violation statistics, we are able to depict the practices of certification authorities worldwide, and thus to monitor the PKI and proactively detect major violations. Our method also provides new means of assessing the trustworthiness of SSL certificates used on the Web.

Contributor : Bruno Blanchet
Submitted on : Monday, January 12, 2015 - 1:30:30 PM
Last modification on : Wednesday, April 6, 2022 - 3:48:22 PM





Antoine Delignat-Lavaud, Martin Abadí, Matthew Birrell, Ilya Mironov, Ted Wobber, et al. Web PKI: Closing the Gap between Guidelines and Practices. Network and Distributed System Security Symposium, Feb 2014, San Diego, United States. ⟨10.14722/ndss.2014.23305⟩. ⟨hal-01102254⟩


