A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is
TLS clients rely on a supporting PKI in which certificate authorities (CAs)-trusted organizations-validate and cryptographically attest to the identities of web servers. A client's confidence that it is connecting to the right server depends entirely on the set of CAs that it trusts. However, as we demonstrate in this work, the identity specified in CA certificates is frequently inaccurate due to lax naming requirements, ownership changes, and long-lived certificates. This not only muddlesdblp:conf/uss/MaMADB21 fatcat:xobfqecwxbadhe2mq6fosjt5bm