Author(s): Antoine Delignat-Lavaud, Mart ́ın Abadi, Andrew Birrell, Ilya Mironov, Ted Wobber, Yinglian Xie

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014


Recent instances of mis-issued certificates have raised concerns about certification authorities. We propose a PKI monitoring framework to classify certificates based on their issuance template and evaluate adherence to the CA/Browser Forum requirements. We run our analysis on a large sample of recently issued certificates.