乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T01:24:14Z","timestamp":1740101054014,"version":"3.37.3"},"publisher-location":"New York, NY, USA","reference-count":128,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,7]],"date-time":"2023-11-07T00:00:00Z","timestamp":1699315200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1901047,CNS-1901090,CNS-1901325,CNS-1900879,CNS-1900996,CNS-2053363"],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560594","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"1857-1870","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Hammurabi"],"prefix":"10.1145","author":[{"given":"James","family":"Larisch","sequence":"first","affiliation":[{"name":"Harvard University, Cambridge, MA, USA"}]},{"given":"Waqar","family":"Aqeel","sequence":"additional","affiliation":[{"name":"Duke University, Durham, NC, USA"}]},{"given":"Michael","family":"Lum","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Yaelle","family":"Goldschlag","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Leah","family":"Kannan","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Kasra","family":"Torshizi","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Yujie","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Taejoong","family":"Chung","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]},{"given":"Dave","family":"Levin","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Bruce M.","family":"Maggs","sequence":"additional","affiliation":[{"name":"Duke University & Emerald Innovations, Durham, NC, USA"}]},{"given":"Alan","family":"Mislove","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"Bryan","family":"Parno","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Christo","family":"Wilson","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"unstructured":"[n. d.]. Proper handling for wildcard certificates for all tlds. https:\/\/bugzilla.mozilla.org\/ show_bug.cgi?id=1196364. [n. d.]. Proper handling for wildcard certificates for all tlds. https:\/\/bugzilla.mozilla.org\/ show_bug.cgi?id=1196364.","key":"e_1_3_2_1_1_1"},{"unstructured":"[n. d.]. Public Suffix List. https:\/\/publicsuffix.org\/list\/public_suffix_list.dat. [n. d.]. Public Suffix List. https:\/\/publicsuffix.org\/list\/public_suffix_list.dat.","key":"e_1_3_2_1_2_1"},{"unstructured":"2002. CVE-2002-0862. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2002-0862. 2002. CVE-2002-0862. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2002-0862.","key":"e_1_3_2_1_3_1"},{"unstructured":"2003. CVE-2003--1229. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2003--1229. 2003. CVE-2003--1229. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2003--1229.","key":"e_1_3_2_1_4_1"},{"unstructured":"2005. CVE-2005-3170. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2005--3170. 2005. CVE-2005-3170. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2005--3170.","key":"e_1_3_2_1_5_1"},{"unstructured":"2008. CVE-2008--4989. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2008-4989. 2008. CVE-2008--4989. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2008-4989.","key":"e_1_3_2_1_6_1"},{"unstructured":"2009. CVE-2009-2408. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009--2408. 2009. CVE-2009-2408. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009--2408.","key":"e_1_3_2_1_7_1"},{"unstructured":"2010. CVE-2010-1378. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-1378. 2010. CVE-2010-1378. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-1378.","key":"e_1_3_2_1_8_1"},{"unstructured":"2011. CVE-2011-0228. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-0228. 2011. CVE-2011-0228. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-0228.","key":"e_1_3_2_1_9_1"},{"unstructured":"2012. CVE-2012-3446. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-3446. 2012. CVE-2012-3446. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-3446.","key":"e_1_3_2_1_10_1"},{"unstructured":"2014. CVE-2014-0092. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0092. 2014. CVE-2014-0092. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0092.","key":"e_1_3_2_1_11_1"},{"unstructured":"2015. Crlsets. The Chromium Projects. http:\/\/bit.ly\/1JPsUeC. 2015. Crlsets. The Chromium Projects. http:\/\/bit.ly\/1JPsUeC.","key":"e_1_3_2_1_12_1"},{"unstructured":"2015. Issue 572734: Support for OCSP Must-staple. https:\/\/bugs.chromium.org\/p\/chromium\/ issues\/detail?id=572734. 2015. Issue 572734: Support for OCSP Must-staple. https:\/\/bugs.chromium.org\/p\/chromium\/ issues\/detail?id=572734.","key":"e_1_3_2_1_13_1"},{"unstructured":"2016. Feature request: OCSP Must Staple (RFC 7633). https:\/\/groups.google.com\/a\/chromium. org\/g\/security-dev\/c\/-pB8IFNu5tw. 2016. Feature request: OCSP Must Staple (RFC 7633). https:\/\/groups.google.com\/a\/chromium. org\/g\/security-dev\/c\/-pB8IFNu5tw.","key":"e_1_3_2_1_14_1"},{"unstructured":"2021. CVE-2021-3450. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3450. 2021. CVE-2021-3450. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3450.","key":"e_1_3_2_1_15_1"},{"volume-title":"Foundations of Databases","author":"Abiteboul Serge","unstructured":"Serge Abiteboul , Richard Hull , and Victor Vianu . 1995. Foundations of Databases . Addison-Wesley Reading . Serge Abiteboul, Richard Hull, and Victor Vianu. 1995. Foundations of Databases. Addison-Wesley Reading.","key":"e_1_3_2_1_16_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_17_1","DOI":"10.1109\/PERCOM.2003.1192774"},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the ACM Internet Measurement Conference (IMC).","author":"Amann Johanna","year":"2017","unstructured":"Johanna Amann , Oliver Gasser , Quirin Scheitle , Lexi Brent , Georg Carle , and Ralph Holz . 2017 . Mission Accomplished? HTTPS Security after DigiNotar . In Proceedings of the ACM Internet Measurement Conference (IMC). Johanna Amann, Oliver Gasser, Quirin Scheitle, Lexi Brent, Georg Carle, and Ralph Holz. 2017. Mission Accomplished? HTTPS Security after DigiNotar. In Proceedings of the ACM Internet Measurement Conference (IMC)."},{"key":"e_1_3_2_1_19_1","volume-title":"Data & Measurement\"","author":"Daniel An.","year":"2018","unstructured":"Daniel An. 2018. Find out how you stack up to new industry benchmarks for mobile page speed. \"Think with Google-Mobile , Data & Measurement\" ( 2018 ). Daniel An. 2018. Find out how you stack up to new industry benchmarks for mobile page speed. \"Think with Google-Mobile, Data & Measurement\" (2018)."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1145\/3355369.3355601"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_21_1","DOI":"10.1145\/2465106.2465121"},{"volume-title":"Proceedings of the ACM Internet Measurement Conference (IMC).","author":"Bates Adam","unstructured":"Adam Bates , Joe Pletcher , Tyler Nichols , Braden Hollembaek , and Kevin R.B. Butler . 2014. Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale . In Proceedings of the ACM Internet Measurement Conference (IMC). Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, and Kevin R.B. Butler. 2014. Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale. In Proceedings of the ACM Internet Measurement Conference (IMC).","key":"e_1_3_2_1_22_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_23_1","DOI":"10.1145\/3428209"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_24_1","DOI":"10.1109\/SP.2017.26"},{"unstructured":"Karthikeyan Bhargavan Barry Bond Antoine Delignat-Lavaud C\u00e9dric Fournet Chris Haw- blitzel Catalin Hritcu Samin Ishtiaq Markulf Kohlweiss Rustan Leino Jay Lorch Kenji Maillard Jinyang Pang Bryan Parno Jonathan Protzenko Tahina Ramananandro Ashay Rane Aseem Rastogi Nikhil Swamy Laure Thompson Peng Wang Santiago Zanella-Beguelin and Jean-Karim Zinzindohou\u00e9. 2017. Everest: Towards a Verified Drop-In Replacement of HTTPS. In Summit on Advances in Programming Languages (SNAPL). Karthikeyan Bhargavan Barry Bond Antoine Delignat-Lavaud C\u00e9dric Fournet Chris Haw- blitzel Catalin Hritcu Samin Ishtiaq Markulf Kohlweiss Rustan Leino Jay Lorch Kenji Maillard Jinyang Pang Bryan Parno Jonathan Protzenko Tahina Ramananandro Ashay Rane Aseem Rastogi Nikhil Swamy Laure Thompson Peng Wang Santiago Zanella-Beguelin and Jean-Karim Zinzindohou\u00e9. 2017. Everest: Towards a Verified Drop-In Replacement of HTTPS. In Summit on Advances in Programming Languages (SNAPL).","key":"e_1_3_2_1_25_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1145\/3355369.3355575"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_27_1","DOI":"10.1109\/SP.2014.15"},{"issue":"4","key":"e_1_3_2_1_28_1","first-page":"1","article-title":"Baseline Requirements","volume":"1","author":"Forum Browser","year":"2016","unstructured":"CA\/ Browser Forum . 2016 . Baseline Requirements : Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates. Version 1 . 4 . 1 . https:\/\/cabforum.org\/wp-content\/ uploads\/CA-Browser-Forum-BR-1.4.1-redlined.pdf CA\/Browser Forum. 2016. Baseline Requirements: Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates. Version 1.4.1. https:\/\/cabforum.org\/wp-content\/ uploads\/CA-Browser-Forum-BR-1.4.1-redlined.pdf","journal-title":"Version"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_29_1","DOI":"10.1145\/2976749.2978301"},{"unstructured":"CA:Symantec Issues [n. d.]. CA:Symantec Issues. https:\/\/wiki.mozilla.org\/CA:Symantec_ Issues. CA:Symantec Issues [n. d.]. CA:Symantec Issues. https:\/\/wiki.mozilla.org\/CA:Symantec_ Issues.","key":"e_1_3_2_1_30_1"},{"unstructured":"Certificate Transparency Enforcement in Google Chrome [n. d.]. Certificate Transparency Enforcement in Google Chrome. https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!topic\/ct-policy\/wHILiYf31DE. Certificate Transparency Enforcement in Google Chrome [n. d.]. Certificate Transparency Enforcement in Google Chrome. https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!topic\/ct-policy\/wHILiYf31DE.","key":"e_1_3_2_1_31_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_32_1","DOI":"10.1109\/SP.2017.40"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1145\/3487552.3487849"},{"unstructured":"Chrome Root Program 2020. Chrome Root Program. The Chromium Projects. https: \/\/www.chromium.org\/Home\/chromium-security\/root-ca-policy\/. Chrome Root Program 2020. Chrome Root Program. The Chromium Projects. https: \/\/www.chromium.org\/Home\/chromium-security\/root-ca-policy\/.","key":"e_1_3_2_1_34_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_35_1","DOI":"10.1109\/EuroSP48549.2020.00046"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_36_1","DOI":"10.1145\/2987443.2987454"},{"unstructured":"Catalin Cimpanu. 2020. Chrome will soon have its own dedicated certificate root store. https:\/\/ www.zdnet.com\/article\/chrome-will-soon-have-its-own-dedicated-certificate-root-store\/. Catalin Cimpanu. 2020. Chrome will soon have its own dedicated certificate root store. https:\/\/ www.zdnet.com\/article\/chrome-will-soon-have-its-own-dedicated-certificate-root-store\/.","key":"e_1_3_2_1_37_1"},{"unstructured":"Convergence [n. d.]. Convergence. http:\/\/convergence.io. Convergence [n. d.]. Convergence. http:\/\/convergence.io.","key":"e_1_3_2_1_38_1"},{"doi-asserted-by":"crossref","unstructured":"D. Cooper S. Santesson S. Farrell S. Boeyen R. Housley and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280. http:\/\/www.ietf.org\/rfc\/rfc5280.txt D. Cooper S. Santesson S. Farrell S. Boeyen R. Housley and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280. http:\/\/www.ietf.org\/rfc\/rfc5280.txt","key":"e_1_3_2_1_39_1","DOI":"10.17487\/rfc5280"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_40_1","DOI":"10.1109\/SP.2015.23"},{"doi-asserted-by":"crossref","unstructured":"Cas Cremers Marko Horvat Jonathan Hoyland Sam Scott and Thyla van der Merwe. 2017. A Comprehensive Symbolic Analysis of TLS 1.3. Cas Cremers Marko Horvat Jonathan Hoyland Sam Scott and Thyla van der Merwe. 2017. A Comprehensive Symbolic Analysis of TLS 1.3.","key":"e_1_3_2_1_41_1","DOI":"10.1145\/3133956.3134063"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy.","author":"Cremers Cas","unstructured":"Cas Cremers , Marko Horvat , Sam Scott , and Thyla van der Merwe. 2016. Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication . In Proceedings of the IEEE Symposium on Security and Privacy. Cas Cremers, Marko Horvat, Sam Scott, and Thyla van der Merwe. 2016. Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication. In Proceedings of the IEEE Symposium on Security and Privacy.","key":"e_1_3_2_1_42_1"},{"unstructured":"CRLite - CA\/Browser Forum [n. d.]. CRLite - CA\/Browser Forum. https:\/\/cabforum.org\/wp-content\/uploads\/CABF_F2Fpreso_030518_vmf.pdf. CRLite - CA\/Browser Forum [n. d.]. CRLite - CA\/Browser Forum. https:\/\/cabforum.org\/wp-content\/uploads\/CABF_F2Fpreso_030518_vmf.pdf.","key":"e_1_3_2_1_43_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_44_1","DOI":"10.5555\/646962.712108"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_45_1","DOI":"10.1145\/3460120.3484793"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_46_1","DOI":"10.1109\/SP.2016.22"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_47_1","DOI":"10.1109\/SP.2017.58"},{"unstructured":"Distrust of the Symantec PKI: Immediate action needed by site operators [n. d.]. Distrust of the Symantec PKI: Immediate action needed by site operators. https:\/\/security.googleblog. com\/2018\/03\/distrust-of-symantec-pki-immediate.html. Distrust of the Symantec PKI: Immediate action needed by site operators [n. d.]. Distrust of the Symantec PKI: Immediate action needed by site operators. https:\/\/security.googleblog. com\/2018\/03\/distrust-of-symantec-pki-immediate.html.","key":"e_1_3_2_1_48_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_49_1","DOI":"10.1145\/2663716.2663755"},{"volume-title":"Proceedings of the ACM Internet Measurement Conference (IMC).","author":"Durumeric Zakir","unstructured":"Zakir Durumeric , James Kasten , Michael Bailey , and J. Alex Halderman . 2013. Analysis of the HTTPS Certificate Ecosystem . In Proceedings of the ACM Internet Measurement Conference (IMC). Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman. 2013. Analysis of the HTTPS Certificate Ecosystem. In Proceedings of the ACM Internet Measurement Conference (IMC).","key":"e_1_3_2_1_50_1"},{"unstructured":"EFF SSL Observatory [n. d.]. EFF SSL Observatory. https:\/\/www.eff.org\/observatory. EFF SSL Observatory [n. d.]. EFF SSL Observatory. https:\/\/www.eff.org\/observatory.","key":"e_1_3_2_1_51_1"},{"key":"e_1_3_2_1_52_1","volume-title":"Thoth: Comprehensive Policy Compliance in Data Retrieval Systems. In 25th USENIX Security Symposium (USENIX Security 16)","author":"Elnikety Eslam","year":"2016","unstructured":"Eslam Elnikety , Aastha Mehta , Anjo Vahldiek-Oberwagner , Deepak Garg , and Peter Druschel . 2016 . Thoth: Comprehensive Policy Compliance in Data Retrieval Systems. In 25th USENIX Security Symposium (USENIX Security 16) . 637--654. Eslam Elnikety, Aastha Mehta, Anjo Vahldiek-Oberwagner, Deepak Garg, and Peter Druschel. 2016. Thoth: Comprehensive Policy Compliance in Data Retrieval Systems. In 25th USENIX Security Symposium (USENIX Security 16). 637--654."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_53_1","DOI":"10.1145\/2382196.2382205"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_54_1","DOI":"10.1145\/2508859.2516655"},{"unstructured":"Alex Gaynor. 2014. Enabling certificate verification by default for stdlib http clients. PEP 476. https:\/\/peps.python.org\/pep-0476 Alex Gaynor. 2014. Enabling certificate verification by default for stdlib http clients. PEP 476. https:\/\/peps.python.org\/pep-0476","key":"e_1_3_2_1_55_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_56_1","DOI":"10.1145\/2382196.2382204"},{"unstructured":"Mark Goodwin. 2015. Revoking Intermediate Certificates: Introducing OneCRL. Mozilla Security Blog. http:\/\/mzl.la\/1zLFp7M. Mark Goodwin. 2015. Revoking Intermediate Certificates: Introducing OneCRL. Mozilla Security Blog. http:\/\/mzl.la\/1zLFp7M.","key":"e_1_3_2_1_57_1"},{"unstructured":"Peter Gutmann. 2000. X.509 Style Guide. Peter Gutmann. 2000. X.509 Style Guide.","key":"e_1_3_2_1_58_1"},{"doi-asserted-by":"crossref","unstructured":"P. Hallam-Baker. 2015. X.509v3 Transport Layer Security (TLS) Feature Extension. RFC 7633. http:\/\/www.ietf.org\/rfc\/rfc7633.txt P. Hallam-Baker. 2015. X.509v3 Transport Layer Security (TLS) Feature Extension. RFC 7633. http:\/\/www.ietf.org\/rfc\/rfc7633.txt","key":"e_1_3_2_1_59_1","DOI":"10.17487\/RFC7633"},{"doi-asserted-by":"crossref","unstructured":"P. Hoffman and J. Schlyter. 2012. The DNS-based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698. https:\/\/www.ietf.org\/rfc\/rfc6962.txt P. Hoffman and J. Schlyter. 2012. The DNS-based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698. https:\/\/www.ietf.org\/rfc\/rfc6962.txt","key":"e_1_3_2_1_60_1","DOI":"10.17487\/rfc6698"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_61_1","DOI":"10.14722\/ndss.2016.23055"},{"key":"e_1_3_2_1_62_1","volume-title":"Proceedings of the ACM Internet Measurement Conference (IMC).","author":"Holz Ralph","year":"2011","unstructured":"Ralph Holz , Lothar Braun , Nils Kammenhuber , and Georg Carle . 2011 . The SSL Landscape -- a Thorough Analysis of the X.509 PKI Using Active and Passive Measurements . In Proceedings of the ACM Internet Measurement Conference (IMC). Ralph Holz, Lothar Braun, Nils Kammenhuber, and Georg Carle. 2011. The SSL Landscape -- a Thorough Analysis of the X.509 PKI Using Active and Passive Measurements. In Proceedings of the ACM Internet Measurement Conference (IMC)."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_63_1","DOI":"10.1145\/3411740.3411742"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_64_1","DOI":"10.1109\/SP.2014.13"},{"unstructured":"Ian Haken. [n. d.]. BetterTLS. https:\/\/netflixtechblog.com\/bettertls-c9915cd255c0. Ian Haken. [n. d.]. BetterTLS. https:\/\/netflixtechblog.com\/bettertls-c9915cd255c0.","key":"e_1_3_2_1_65_1"},{"key":"e_1_3_2_1_67_1","volume-title":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P","author":"Jim Trevor","year":"2000","unstructured":"Trevor Jim . 2000 . SD3: A Trust Management System with Certified Evaluation . In Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001. IEEE, 106--115. Trevor Jim. 2000. SD3: A Trust Management System with Certified Evaluation. In Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001. IEEE, 106--115."},{"unstructured":"Joe St Sauver. [n. d.]. How Many \"Parts\" (or \"Labels\") Does A Domain Name Typically Have? https:\/\/www.farsightsecurity.com\/blog\/txt-record\/rrlabel-20171013\/. Joe St Sauver. [n. d.]. How Many \"Parts\" (or \"Labels\") Does A Domain Name Typically Have? https:\/\/www.farsightsecurity.com\/blog\/txt-record\/rrlabel-20171013\/.","key":"e_1_3_2_1_68_1"},{"key":"e_1_3_2_1_69_1","volume-title":"Proceedings of WWW.","author":"Hyun-Jin Kim Tiffany","year":"2013","unstructured":"Tiffany Hyun-Jin Kim , Lin-Shung Huang , Adrian Perrig , Collin Jackson , and Virgil Gligor . 2013 . Accountable Key Infrastructure (AKI): A Proposal for a Public-key Validation Infrastructure . In Proceedings of WWW. Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perrig, Collin Jackson, and Virgil Gligor. 2013. Accountable Key Infrastructure (AKI): A Proposal for a Public-key Validation Infrastructure. In Proceedings of WWW."},{"key":"e_1_3_2_1_70_1","first-page":"514","article-title":"Equality for Prolog","volume":"83","author":"Kornfeld William A","year":"1983","unstructured":"William A Kornfeld . 1983 . Equality for Prolog . In IJCAI , Vol. 83. 514 -- 519 . William A Kornfeld. 1983. Equality for Prolog. In IJCAI, Vol. 83. 514--519.","journal-title":"IJCAI"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_71_1","DOI":"10.1145\/3278532.3278568"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_72_1","DOI":"10.1145\/3190508.3190518"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_73_1","DOI":"10.1109\/SP.2018.00015"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_74_1","DOI":"10.1145\/360051.360074"},{"unstructured":"Adam Langley. 2012. Revocation Checking and Chrome's CRL. https:\/\/www.imperialviolet. org\/2012\/02\/05\/crlsets.html. Adam Langley. 2012. Revocation Checking and Chrome's CRL. https:\/\/www.imperialviolet. org\/2012\/02\/05\/crlsets.html.","key":"e_1_3_2_1_75_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_76_1","DOI":"10.1109\/SP.2017.17"},{"doi-asserted-by":"crossref","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. https:\/\/www.ietf.org\/rfc\/rfc6962.txt Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. https:\/\/www.ietf.org\/rfc\/rfc6962.txt","key":"e_1_3_2_1_77_1","DOI":"10.17487\/rfc6962"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_78_1","DOI":"10.1145\/3196494.3196520"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_79_1","DOI":"10.1145\/800213.806531"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_80_1","DOI":"10.1109\/SP.2014.12"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_81_1","DOI":"10.1145\/2815675.2815685"},{"unstructured":"Steve Lloyd. 2002. Understanding Certification Path Construction. In PKI Forum White Paper. http:\/\/www.oasis-pki.org\/pdfs\/Understanding_Path_construction-DS2.pdf. Steve Lloyd. 2002. Understanding Certification Path Construction. In PKI Forum White Paper. http:\/\/www.oasis-pki.org\/pdfs\/Understanding_Path_construction-DS2.pdf.","key":"e_1_3_2_1_82_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_83_1","DOI":"10.1145\/3355369.3355580"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_84_1","DOI":"10.1145\/3487552.3487813"},{"key":"e_1_3_2_1_85_1","volume-title":"Deployment Challenges in Log-based PKI Enhancements. In European Workshop on Systems Security","author":"Matsumoto Stephanos","year":"2015","unstructured":"Stephanos Matsumoto , Pawel Szalachowski , and Adrian Perrig . 2015 . Deployment Challenges in Log-based PKI Enhancements. In European Workshop on Systems Security . Bordeaux, France. Stephanos Matsumoto, Pawel Szalachowski, and Adrian Perrig. 2015. Deployment Challenges in Log-based PKI Enhancements. In European Workshop on Systems Security. Bordeaux, France."},{"unstructured":"Misissued\/Suspicious Symantec Certificates [n. d.]. Misissued\/Suspicious Symantec Certifi- cates. https:\/\/groups.google.com\/forum\/#!msg\/mozilla.dev.security.policy\/fyJ3EK2YOP8\/ yvjS5leYCAAJ. Misissued\/Suspicious Symantec Certificates [n. d.]. Misissued\/Suspicious Symantec Certifi- cates. https:\/\/groups.google.com\/forum\/#!msg\/mozilla.dev.security.policy\/fyJ3EK2YOP8\/ yvjS5leYCAAJ.","key":"e_1_3_2_1_86_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_87_1","DOI":"10.1007\/978-3-540-78800-3_24"},{"unstructured":"Mozilla CA Recommendations 2017. CA\/Required or Recommended Practices. Mozilla Wiki. https:\/\/wiki.allizom.org\/CA\/Required_or_Recommended_Practices. Mozilla CA Recommendations 2017. CA\/Required or Recommended Practices. Mozilla Wiki. https:\/\/wiki.allizom.org\/CA\/Required_or_Recommended_Practices.","key":"e_1_3_2_1_88_1"},{"unstructured":"Mozilla Root Store Policy 2022. Mozilla Root Store Policy. Mozilla. https:\/\/www.mozilla.org\/en- US\/about\/governance\/policies\/security-group\/certs\/policy\/. Mozilla Root Store Policy 2022. Mozilla Root Store Policy. Mozilla. https:\/\/www.mozilla.org\/en- US\/about\/governance\/policies\/security-group\/certs\/policy\/.","key":"e_1_3_2_1_89_1"},{"unstructured":"Mozilla Root Store Policy Archive [n. d.]. Mozilla Root Store Policy Archive. https:\/\/wiki. mozilla.org\/CA\/Root_Store_Policy_Archive. Mozilla Root Store Policy Archive [n. d.]. Mozilla Root Store Policy Archive. https:\/\/wiki. mozilla.org\/CA\/Root_Store_Policy_Archive.","key":"e_1_3_2_1_90_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_91_1","DOI":"10.1145\/2674005.2674991"},{"key":"e_1_3_2_1_92_1","volume-title":"Proceedings of the USENIX Security Symposium","author":"Ou Xinming","year":"2005","unstructured":"Xinming Ou , Sudhakar Govindavajhala , Andrew W. Appel , 2005 . MulVAL: A Logic-based Network Security Analyzer .. In Proceedings of the USENIX Security Symposium . Baltimore, MD, 113--128. Xinming Ou, Sudhakar Govindavajhala, Andrew W. Appel, et al. 2005. MulVAL: A Logic-based Network Security Analyzer.. In Proceedings of the USENIX Security Symposium. Baltimore, MD, 113--128."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_93_1","DOI":"10.1145\/3487552.3487830"},{"doi-asserted-by":"crossref","unstructured":"Henning Perl Sascha Fahl and Matthew Smith. 2014. You Won't Be Needing These Any More: On Removing Unused Certificates From Trust Stores. In Financial Cryptography and Data Security. Henning Perl Sascha Fahl and Matthew Smith. 2014. You Won't Be Needing These Any More: On Removing Unused Certificates From Trust Stores. In Financial Cryptography and Data Security.","key":"e_1_3_2_1_94_1","DOI":"10.1007\/978-3-662-45472-5_20"},{"unstructured":"Matthew Prince. 2018. Encrypting SNI: Fixing One of the Core Internet Bugs. https: \/\/blog.cloudflare.com\/esni\/. Matthew Prince. 2018. Encrypting SNI: Fixing One of the Core Internet Bugs. https: \/\/blog.cloudflare.com\/esni\/.","key":"e_1_3_2_1_95_1"},{"key":"e_1_3_2_1_96_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Ramananandro Tahina","year":"2019","unstructured":"Tahina Ramananandro , Antoine Delignat-Lavaud , C\u00e9dric Fournet , Nikhil Swamy , Tej C hajed, Nadim Kobeissi , and Jonathan Protzenko . 2019 . EverParse: Verified Secure Zero-Copy Parsers for Authenticated Message Formats . In Proceedings of the USENIX Security Symposium. Tahina Ramananandro, Antoine Delignat-Lavaud, C\u00e9dric Fournet, Nikhil Swamy, Tej C hajed, Nadim Kobeissi, and Jonathan Protzenko. 2019. EverParse: Verified Secure Zero-Copy Parsers for Authenticated Message Formats. In Proceedings of the USENIX Security Symposium."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_97_1","DOI":"10.1145\/3143361.3143400"},{"unstructured":"Reducing TLS Certificate Lifespans to 398 Days 2020. Reducing TLS Certificate Lifespans to 398 Days. https:\/\/blog.mozilla.org\/security\/2020\/07\/09\/reducing-tls-certificate-lifespans-to- 398-days\/. Reducing TLS Certificate Lifespans to 398 Days 2020. Reducing TLS Certificate Lifespans to 398 Days. https:\/\/blog.mozilla.org\/security\/2020\/07\/09\/reducing-tls-certificate-lifespans-to- 398-days\/.","key":"e_1_3_2_1_98_1"},{"unstructured":"Ivan Ristic. 2013. Bulletproof SSL and TLS: Understanding and Deploying SSL\/TLS and PKI to Secure Servers and Web Applications (2 ed.). Feisty Duck. 97 pages. Ivan Ristic. 2013. Bulletproof SSL and TLS: Understanding and Deploying SSL\/TLS and PKI to Secure Servers and Web Applications (2 ed.). Feisty Duck. 97 pages.","key":"e_1_3_2_1_99_1"},{"unstructured":"Rusticata DER Parser [n. d.]. Rusticata DER Parser. https:\/\/github.com\/rusticata\/der-parser. Rusticata DER Parser [n. d.]. Rusticata DER Parser. https:\/\/github.com\/rusticata\/der-parser.","key":"e_1_3_2_1_100_1"},{"unstructured":"Rusticata X.509 Parser [n. d.]. Rusticata X.509 Parser. https:\/\/github.com\/rusticata\/x509-parser. Rusticata X.509 Parser [n. d.]. Rusticata X.509 Parser. https:\/\/github.com\/rusticata\/x509-parser.","key":"e_1_3_2_1_101_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_102_1","DOI":"10.14722\/ndss.2014.23379"},{"doi-asserted-by":"crossref","unstructured":"Peter Saint-Andre and Jeff Hodges. 2011. Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). RFC 6125. https:\/\/doi.org\/10. 17487\/RFC6125 Peter Saint-Andre and Jeff Hodges. 2011. Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). RFC 6125. https:\/\/doi.org\/10. 17487\/RFC6125","key":"e_1_3_2_1_103_1","DOI":"10.17487\/rfc6125"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_104_1","DOI":"10.1145\/3213232.3213235"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_105_1","DOI":"10.1145\/3278532.3278562"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_106_1","DOI":"10.1145\/2660267.2660376"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_107_1","DOI":"10.1145\/3419394.3423645"},{"unstructured":"Ryan Sleevi. 2020. Path Building vs Path Verifying: The Chain of Pain. Medium. https:\/\/ medium.com\/@sleevi_\/path-building-vs-path-verifying-the-chain-of-pain-9fbab861d7d6. Ryan Sleevi. 2020. Path Building vs Path Verifying: The Chain of Pain. Medium. https:\/\/ medium.com\/@sleevi_\/path-building-vs-path-verifying-the-chain-of-pain-9fbab861d7d6.","key":"e_1_3_2_1_108_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_109_1","DOI":"10.1145\/2976749.2978411"},{"key":"e_1_3_2_1_110_1","volume-title":"The Flask Security Architecture: System Support for Diverse Security Policies. In 8th USENIX Security Symposium (USENIX Security 99)","author":"Spencer Ray","year":"1999","unstructured":"Ray Spencer , Stephen Smalley , Peter Loscocco , Mike Hibler , Dave Andersen , and Jay Lepreau . 1999 . The Flask Security Architecture: System Support for Diverse Security Policies. In 8th USENIX Security Symposium (USENIX Security 99) . Ray Spencer, Stephen Smalley, Peter Loscocco, Mike Hibler, Dave Andersen, and Jay Lepreau. 1999. The Flask Security Architecture: System Support for Diverse Security Policies. In 8th USENIX Security Symposium (USENIX Security 99)."},{"key":"e_1_3_2_1_111_1","volume-title":"Proceedings of NDSS","author":"Stark Emily","year":"2012","unstructured":"Emily Stark , Lin-Shung Huang , Dinesh Israni , Collin Jackson , and Dan Boneh . 2012 . The Case for Prefetching and Prevalidating TLS Server Certificates . In Proceedings of NDSS . San Diego, California, USA. Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, and Dan Boneh. 2012. The Case for Prefetching and Prevalidating TLS Server Certificates. In Proceedings of NDSS. San Diego, California, USA."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_112_1","DOI":"10.1145\/3319535.3363222"},{"unstructured":"Nick Sullivan. 2017. High-reliability OCSP stapling and why it matters. CloudFlare. https: \/\/blog.cloudflare.com\/high-reliability-ocsp-stapling\/. Nick Sullivan. 2017. High-reliability OCSP stapling and why it matters. CloudFlare. https: \/\/blog.cloudflare.com\/high-reliability-ocsp-stapling\/.","key":"e_1_3_2_1_113_1"},{"doi-asserted-by":"crossref","unstructured":"Pawel Szalachowski Stephanos Matsumoto and Adrian Perrig. 2014. PoliCert: Secure and Flexible TLS Certificate Management. Pawel Szalachowski Stephanos Matsumoto and Adrian Perrig. 2014. PoliCert: Secure and Flexible TLS Certificate Management.","key":"e_1_3_2_1_114_1","DOI":"10.1145\/2660267.2660355"},{"volume-title":"Towards Short-lived Certificates","author":"Topalovic Emin","unstructured":"Emin Topalovic , Brennan Saeta , Lin-Shung Huang , Collin Jackson , and Dan Boneh . 2012. Towards Short-lived Certificates . In IEEE Web 2.0 Security and Privacy . Emin Topalovic, Brennan Saeta, Lin-Shung Huang, Collin Jackson, and Dan Boneh. 2012. Towards Short-lived Certificates. In IEEE Web 2.0 Security and Privacy.","key":"e_1_3_2_1_115_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_116_1","DOI":"10.1007\/978-3-642-29822-6_24"},{"unstructured":"Jeffrey D. Ullman. 1988. Principles of Database and Knowledge-Base Systems. Jeffrey D. Ullman. 1988. Principles of Database and Knowledge-Base Systems.","key":"e_1_3_2_1_117_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_118_1","DOI":"10.1145\/2741948.2741958"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_119_1","DOI":"10.1145\/2674005.2675015"},{"volume-title":"Proceedings of the ACM Internet Measurement Conference (IMC).","author":"VanderSloot Benjamin","unstructured":"Benjamin VanderSloot , Johanna Amann , Matthew Bernhard , Zakir Durumeric , Michael Bailey , and J. Alex Halderman . 2016. Towards a Complete View of the Certificate Ecosystem . In Proceedings of the ACM Internet Measurement Conference (IMC). Benjamin VanderSloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, and J. Alex Halderman. 2016. Towards a Complete View of the Certificate Ecosystem. In Proceedings of the ACM Internet Measurement Conference (IMC).","key":"e_1_3_2_1_120_1"},{"key":"e_1_3_2_1_121_1","volume-title":"Riverbed: Enforcing User-defined Privacy Constraints in Distributed Web Services. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19)","author":"Wang Frank","year":"2019","unstructured":"Frank Wang , Ronny Ko , and James Mickens . 2019 . Riverbed: Enforcing User-defined Privacy Constraints in Distributed Web Services. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19) . 615--630. Frank Wang, Ronny Ko, and James Mickens. 2019. Riverbed: Enforcing User-defined Privacy Constraints in Distributed Web Services. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19). 615--630."},{"key":"e_1_3_2_1_122_1","volume-title":"Theory and Practice of Logic Programming - Prolog Systems archive 12, 1","author":"Wielemaker Jan","year":"2012","unstructured":"Jan Wielemaker , Tom Schrijvers , Markus Triska , and Torbj\u00f6rn Lager . 2012. SWI-Prolog. Theory and Practice of Logic Programming - Prolog Systems archive 12, 1 ( 2012 ), 67--96. Jan Wielemaker, Tom Schrijvers, Markus Triska, and Torbj\u00f6rn Lager. 2012. SWI-Prolog. Theory and Practice of Logic Programming - Prolog Systems archive 12, 1 (2012), 67--96."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_123_1","DOI":"10.1145\/2980983.2908098"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_124_1","DOI":"10.1145\/2103621.2103669"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_125_1","DOI":"10.1145\/3472305.3472314"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_126_1","DOI":"10.1145\/1644893.1644896"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_127_1","DOI":"10.1145\/2663716.2663758"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_128_1","DOI":"10.1007\/978-3-319-30505-9_2"},{"unstructured":"ZLint [n. d.]. ZLint. https:\/\/github.com\/zmap\/zlint ZLint [n. d.]. ZLint. https:\/\/github.com\/zmap\/zlint","key":"e_1_3_2_1_129_1"}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"CCS '22","name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA"},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560594","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560594","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,7]],"date-time":"2023-11-07T12:02:50Z","timestamp":1699358570000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560594"}},"subtitle":["A Framework for Pluggable, Logic-Based X.509 Certificate Validation Policies"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":128,"alternative-id":["10.1145\/3548606.3560594","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560594","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}