Server-Side Adoption of Certificate Transparency
2018 (English)In: Passive and Active Measurement: 19th International Conference, PAM 2018, Berlin, Germany, March 26–27, 2018, Proceedings / [ed] Robert Beverly, Georgios Smaragdakis, Anja Feldmann, Cham: Springer, 2018, Vol. 10771, p. 186-199Conference paper, Published paper (Refereed)
Abstract [en]
Certificate Transparency (CT) was developed to mitigate shortcomings in the TLS/SSL landscape and to assess the trustworthiness of Certificate Authorities (CAs) and the certificates they create. With CT, certificates should be logged in public, audible, append-only CT logs and servers should provide clients (browsers) evidence, in the form of Signed Certificate Timestamps (SCTs), that the certificates that they present have been logged in credible CT logs. These SCTs can be delivered using three different methods: (i) X.509v3 extension, (ii) TLS extension, and (iii) OSCP stapling. In this paper, we develop a client-side measurement tool that implements all three methods and use the tool to analyze the SCT adoption among the one-million most popular web domains. Using two snapshots (from May and Oct. 2017), we answer a wide range of questions related to the delivery choices made by different domains, identify differences in the certificates used by these domains, the CT logs they use, and characterize the overheads and potential performance impact of the SCT delivery methods. By highlighting some of the tradeoffs between the methods and differences in the websites selecting them, we provide insights into the current SCT adoption status and differences in how domains have gone upon adopting this new technology.
Place, publisher, year, edition, pages
Cham: Springer, 2018. Vol. 10771, p. 186-199
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10771
National Category
Computer Sciences Computer and Information Sciences
Identifiers
URN: urn:nbn:se:liu:diva-156664DOI: 10.1007/978-3-319-76481-8_14ISI: 000552689300014Scopus ID: 2-s2.0-85043581742ISBN: 9783319764801 (print)ISBN: 9783319764818 (electronic)OAI: oai:DiVA.org:liu-156664DiVA, id: diva2:1313774
Conference
Tha 19th International Conference, PAM 2018, Berlin, Germany, March 26–27, 2018
2019-05-062019-05-062024-02-01Bibliographically approved