{"id":"https://openalex.org/W4415222299","doi":"https://doi.org/10.1145/3730567.3732921","title":"Chaos in the Chain: Evaluate Deployment and Construction Compliance of Web PKI Certificate Chain","display_name":"Chaos in the Chain: Evaluate Deployment and Construction Compliance of Web PKI Certificate Chain","publication_year":2025,"publication_date":"2025-10-15","ids":{"openalex":"https://openalex.org/W4415222299","doi":"https://doi.org/10.1145/3730567.3732921"},"language":"en","primary_location":{"id":"doi:10.1145/3730567.3732921","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3732921","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3730567.3732921","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3730567.3732921","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100838772","display_name":"Jia Yao","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jia Yao","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070997167","display_name":"Yiming Zhang","orcid":"https://orcid.org/0000-0002-6774-5299"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiming Zhang","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101694986","display_name":"Baojun Liu","orcid":"https://orcid.org/0000-0002-9032-8063"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Baojun Liu","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050117929","display_name":"Zhan Li Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhan Liu","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018482133","display_name":"Mingming Zhang","orcid":"https://orcid.org/0000-0001-9797-6875"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mingming Zhang","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067799841","display_name":"Haixin Duan","orcid":"https://orcid.org/0000-0003-0083-733X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100838772"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.33671691,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"171","last_page":"184"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10679","display_name":"Service-Oriented Architecture and Web Services","score":0.9732999801635742,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9542999863624573,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6589000225067139},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.6216999888420105},{"id":"https://openalex.org/keywords/certificate-authority","display_name":"Certificate authority","score":0.5081999897956848},{"id":"https://openalex.org/keywords/root-certificate","display_name":"Root certificate","score":0.44269999861717224},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4401000142097473},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.4034000039100647},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.3822999894618988},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.37049999833106995}],"concepts":[{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6589000225067139},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6510000228881836},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6313999891281128},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.6216999888420105},{"id":"https://openalex.org/C93636275","wikidata":"https://www.wikidata.org/wiki/Q196776","display_name":"Certificate authority","level":4,"score":0.5081999897956848},{"id":"https://openalex.org/C62057728","wikidata":"https://www.wikidata.org/wiki/Q7366568","display_name":"Root certificate","level":5,"score":0.44269999861717224},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4401000142097473},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.4034000039100647},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.3822999894618988},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.37049999833106995},{"id":"https://openalex.org/C72648740","wikidata":"https://www.wikidata.org/wiki/Q658476","display_name":"Public key infrastructure","level":4,"score":0.3617999851703644},{"id":"https://openalex.org/C175093008","wikidata":"https://www.wikidata.org/wiki/Q758251","display_name":"Authorization certificate","level":5,"score":0.33640000224113464},{"id":"https://openalex.org/C167529545","wikidata":"https://www.wikidata.org/wiki/Q274758","display_name":"Public key certificate","level":4,"score":0.33469998836517334},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.3133000135421753},{"id":"https://openalex.org/C154800190","wikidata":"https://www.wikidata.org/wiki/Q16941470","display_name":"Trust anchor","level":4,"score":0.3093999922275543},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.30140000581741333},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2793999910354614},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.27079999446868896},{"id":"https://openalex.org/C139089976","wikidata":"https://www.wikidata.org/wiki/Q2142273","display_name":"Trusted third party","level":2,"score":0.26510000228881836},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.2644999921321869},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.25940001010894775}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3730567.3732921","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3732921","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3730567.3732921","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3730567.3732921","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3732921","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3730567.3732921","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2580485080","display_name":null,"funder_award_id":"62302258","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4259928007","display_name":null,"funder_award_id":"62102218","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6330607538","display_name":null,"funder_award_id":"23022","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4415222299.pdf"},"referenced_works_count":8,"referenced_works":["https://openalex.org/W2246618912","https://openalex.org/W2915352631","https://openalex.org/W3107552365","https://openalex.org/W3212377246","https://openalex.org/W3213073946","https://openalex.org/W4210531213","https://openalex.org/W4232172926","https://openalex.org/W4298051233"],"related_works":[],"abstract_inverted_index":{"Transport":[0],"Layer":[1],"Security":[2],"(TLS)":[3],"is":[4],"a":[5,159],"cornerstone":[6],"to":[7,161],"secure":[8],"Internet":[9],"communications.":[10],"It":[11],"requires":[12],"proper":[13],"deployment":[14,63,190],"and":[15,65,79,104,115,119,147,191],"validation":[16,41],"of":[17,46,57,89,133,193],"certificate":[18,58,176,194],"chains.":[19,106,151,195],"During":[20],"validation,":[21],"clients":[22],"must":[23],"first":[24,54],"construct":[25],"the":[26,39,53,69,122,126,166,189],"chain":[27,36,59,177],"from":[28,76],"server-provided":[29],"certificates.":[30],"However,":[31],"existing":[32],"research":[33],"often":[34],"integrates":[35],"construction":[37,192],"into":[38],"broader":[40],"process,":[42],"lacking":[43],"independent":[44],"analysis":[45],"this":[47],"crucial":[48],"step.":[49],"This":[50],"paper":[51],"presents":[52],"systematic":[55],"assessment":[56],"construction,":[60],"covering":[61],"server-side":[62],"compliance":[64,108],"client-side":[66],"capabilities.":[67],"On":[68,125],"server":[70,114],"side,":[71,128],"we":[72,129,183],"summarized":[73],"structural":[74],"requirements":[75],"RFC":[77],"standards":[78],"evaluated":[80,130],"real-world":[81],"website":[82],"compliance.":[83],"We":[84],"found":[85],"that":[86],"approximately":[87],"3%":[88],"Tranco":[90],"Top":[91],"1M":[92],"domains":[93],"have":[94],"deployed":[95],"non-compliant":[96],"chains,":[97],"with":[98,149],"common":[99],"issues":[100],"including":[101],"reversed":[102],"sequences":[103],"incomplete":[105],"The":[107],"would":[109],"be":[110],"influenced":[111],"by":[112],"HTTP":[113,163],"Certificate":[116],"Authority":[117],"checks":[118],"guidance":[120],"during":[121],"configuration":[123],"process.":[124],"client":[127],"9":[131],"types":[132],"chain-building":[134],"capabilities":[135],"across":[136],"8":[137],"mainstream":[138],"TLS":[139,156],"implementations,":[140],"uncovering":[141],"prevalent":[142],"deficiencies":[143,153],"like":[144],"inadequate":[145],"backtracking":[146],"difficulties":[148],"long":[150],"These":[152],"could":[154],"compromise":[155],"security,":[157],"causing":[158],"fallback":[160],"insecure":[162],"or":[164],"making":[165],"service":[167],"unavailable.":[168],"Our":[169],"findings":[170],"highlight":[171],"critical":[172],"gaps":[173],"in":[174],"current":[175],"practices.":[178],"Based":[179],"on":[180],"our":[181],"findings,":[182],"also":[184],"propose":[185],"recommendations":[186],"for":[187],"improving":[188]},"counts_by_year":[],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-16T00:00:00"}