Explore the systematic analysis of certificate errors in browser-trusted certificates through this IEEE Symposium on Security & Privacy presentation. Delve into the development and application of ZLint, a certificate linter that codifies CA/Browser Forum Baseline Requirements and RFC 5280 policies. Examine the drastic reduction in certificate errors since 2012, with only 0.02% of certificates containing errors in 2017. Investigate the disparity between large authorities consistently issuing correct certificates and the long tail of small authorities regularly producing non-conformant ones. Analyze the correlation between certificate errors and other types of mismanagement, as well as browser action for large authorities. Conclude by discussing how lint data can be utilized to identify authorities with concerning organizational practices and ensure the long-term health of the Web PKI.
Overview
Syllabus
Tracking Certificate Misissuance in the Wild
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
-
Certificate Transparency Logs - Roadmaps to Riches or Ruin?
-
Bamboozling Certificate Authorities with BGP
-
CertGraph - A Tool to Crawl the Graph of SSL Certificate Alternate Names Using Certificate Transparency
-
Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate
-
Off-Path Attacks Against PKI
-
SymCerts - Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation
