Exploring the Evolution of the TLS Certificate Ecosystem

Date

2022-06-01

Publisher

Virginia Tech

Abstract

The vast majority of popular internet communication protocols use TLS (Transport Layer Security) to secure communication. As a result, there have been numerous efforts to improve the SSL certificate ecosystem, including the introduction of Certificate Transparency logs and free automated CAs. Our work highlights the effectiveness of these efforts using the Certificate Transparency dataset as well as certificates collected via full IPv4 scans. We show that a large proportion of invalid certificates still exists and outline the reasons why these certificates are invalid and where they are hosted. Moreover, we show that the incorrect use of template certificates has led to incorrect SCTs being embedded in the certificates. Taken together, our results emphasize the need for continued involvement by the research community to improve the web's PKI ecosystem.

Keywords

Security, TLS, Certificates, Network Security, Cryptography, Public Key Cryptography, Web Security Protocol, Measurement
