Longitudinal characterization of X.509 revocation statuses: A framework for monitoring newly issued certificates from the most popular Certificate Transparency logs
2021 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis
Alternative title
Longitudinell karaktärisering av certifikatåterkallning (Swedish)
Abstract [en]
The X.509 landscape is one of the cornerstones of the internet today. It is used to establish trust between entities online. Revocations of X.509 certificates are a vital part of the infrastructure to ensure that communicating parties can, in fact, be trusted. Today, these revocations are handled by Certificate Authorities who provide either an OCSP response or a CRL with the revocation status for their certificates.
A framework was developed, written in Go, to enable longitudinal characterization of X.509 revocation statuses. We show that, using the framework, it is possible to conduct a large-scale analysis of X.509 certificates over an extended period of time. Using the data collected, we present preliminary analysis results and discuss the implications of the findings.
We conclude that CAs, in general, behave similarly, with a few exceptions. Furthermore, we believe that large-scale longitudinal analysis of revocation statuses provides a basis to hold CAs accountable and increase transparency in the X.509 landscape.
Place, publisher, year, edition, pages
2021. p. 24
Keywords [en]
pki, tls, ssl, x.509, security, certificates, https, revocation, certificate transparency
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:liu:diva-178856
ISRN: LIU-IDA/LITH-EX-G--21/073--SE
OAI: oai:DiVA.org:liu-178856
DiVA, id: diva2:1589770
Subject / course
Information Technology
Presentation
2021-06-04, Remote, 12:30 (Swedish)
Supervisors
Examiners
2021-09-01, 2021-08-31, 2021-09-01
Bibliographically approved