{"id":"https://openalex.org/W4387880483","doi":"https://doi.org/10.1145/3618257.3624802","title":"Stale TLS Certificates: Investigating Precarious Third-Party Access to Valid TLS Keys","display_name":"Stale TLS Certificates: Investigating Precarious Third-Party Access to Valid TLS Keys","publication_year":2023,"publication_date":"2023-10-23","ids":{"openalex":"https://openalex.org/W4387880483","doi":"https://doi.org/10.1145/3618257.3624802"},"language":"en","primary_location":{"id":"doi:10.1145/3618257.3624802","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3618257.3624802","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3618257.3624802","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM on Internet Measurement Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3618257.3624802","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087894470","display_name":"Zane Ma","orcid":"https://orcid.org/0000-0003-4501-066X"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zane Ma","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0003-4501-066X","affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050993271","display_name":"Aaron Faulkenberry","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aaron Faulkenberry","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0002-4077-2772","affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050158986","display_name":"Thomas Papastergiou","orcid":"https://orcid.org/0009-0003-5199-8691"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas Papastergiou","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0009-0003-5199-8691","affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069939742","display_name":"Zakir Durumeric","orcid":"https://orcid.org/0000-0002-9647-4192"},"institutions":[{"id":"https://openalex.org/I1743320","display_name":"Palo Alto University","ror":"https://ror.org/04f812k67","country_code":"US","type":"education","lineage":["https://openalex.org/I1743320"]},{"id":"https://openalex.org/I97018004","display_name":"Stanford University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zakir Durumeric","raw_affiliation_strings":["Stanford University, Palo Alto, CA, USA"],"raw_orcid":"https://orcid.org/0000-0002-9647-4192","affiliations":[{"raw_affiliation_string":"Stanford University, Palo Alto, CA, USA","institution_ids":["https://openalex.org/I1743320","https://openalex.org/I97018004"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051689471","display_name":"Michael D. Bailey","orcid":"https://orcid.org/0000-0002-0250-9164"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael D. Bailey","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0002-0250-9164","affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023057383","display_name":"Angelos D. Keromytis","orcid":"https://orcid.org/0000-0003-3815-5932"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Angelos D. Keromytis","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0003-3815-5932","affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069862528","display_name":"Fabian Monrose","orcid":"https://orcid.org/0000-0002-9805-2217"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fabian Monrose","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0002-9805-2217","affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067105657","display_name":"Manos Antonakakis","orcid":"https://orcid.org/0000-0003-1578-8307"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Manos Antonakakis","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0003-1578-8307","affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5087894470"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":1.1929,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.83430904,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"222","last_page":"235"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11478","display_name":"Caching and Content Delivery","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7183725833892822},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7015659213066101},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.6883656978607178},{"id":"https://openalex.org/keywords/certificate-authority","display_name":"Certificate authority","score":0.6214662194252014},{"id":"https://openalex.org/keywords/public-key-certificate","display_name":"Public key certificate","score":0.553542971611023},{"id":"https://openalex.org/keywords/root-certificate","display_name":"Root certificate","score":0.5443969368934631},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.5368362665176392},{"id":"https://openalex.org/keywords/revocation-list","display_name":"Revocation list","score":0.49847412109375},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.48727738857269287},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.4691775143146515},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.3974011540412903},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.2873991131782532},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.26978397369384766},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.10917732119560242}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7183725833892822},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7015659213066101},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.6883656978607178},{"id":"https://openalex.org/C93636275","wikidata":"https://www.wikidata.org/wiki/Q196776","display_name":"Certificate authority","level":4,"score":0.6214662194252014},{"id":"https://openalex.org/C167529545","wikidata":"https://www.wikidata.org/wiki/Q274758","display_name":"Public key certificate","level":4,"score":0.553542971611023},{"id":"https://openalex.org/C62057728","wikidata":"https://www.wikidata.org/wiki/Q7366568","display_name":"Root certificate","level":5,"score":0.5443969368934631},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.5368362665176392},{"id":"https://openalex.org/C147296133","wikidata":"https://www.wikidata.org/wiki/Q196765","display_name":"Revocation list","level":5,"score":0.49847412109375},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.48727738857269287},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.4691775143146515},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.3974011540412903},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.2873991131782532},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.26978397369384766},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.10917732119560242}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3618257.3624802","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3618257.3624802","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3618257.3624802","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM on Internet Measurement Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3618257.3624802","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3618257.3624802","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3618257.3624802","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM on Internet Measurement Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6499999761581421}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387880483.pdf","grobid_xml":"https://content.openalex.org/works/W4387880483.grobid-xml"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W1995989152","https://openalex.org/W2008524185","https://openalex.org/W2019016802","https://openalex.org/W2130867912","https://openalex.org/W2145994642","https://openalex.org/W2146752727","https://openalex.org/W2299781188","https://openalex.org/W2487661922","https://openalex.org/W2510523362","https://openalex.org/W2535407856","https://openalex.org/W2550748725","https://openalex.org/W2555495615","https://openalex.org/W2612070316","https://openalex.org/W2634547503","https://openalex.org/W2788552719","https://openalex.org/W2791815824","https://openalex.org/W2923887728","https://openalex.org/W2980658844","https://openalex.org/W2988889042","https://openalex.org/W3008428742","https://openalex.org/W3111533025","https://openalex.org/W3138536121"],"related_works":["https://openalex.org/W2300877280","https://openalex.org/W2111375600","https://openalex.org/W2596139382","https://openalex.org/W2131590289","https://openalex.org/W2360370532","https://openalex.org/W2170764533","https://openalex.org/W1612032142","https://openalex.org/W151108224","https://openalex.org/W4313128548","https://openalex.org/W1915479549"],"abstract_inverted_index":{"Certificate":[0],"authorities":[1],"enable":[2,87],"TLS":[3,152],"server":[4],"authentication":[5,54],"by":[6],"generating":[7],"certificates":[8],"that":[9,86,105],"attest":[10],"to":[11,24,90,140,150],"the":[12,53,72,126,136],"mapping":[13],"between":[14],"a":[15,19,33,36,57,88,92,144],"domain":[16,93],"name":[17],"and":[18,61,79],"cryptographic":[20,44],"keypair,":[21],"for":[22],"up":[23],"398":[25],"days.":[26],"This":[27],"static,":[28],"name-to-key":[29],"caching":[30],"mechanism":[31],"belies":[32],"complex":[34],"reality:":[35],"tangle":[37],"of":[38,49,75,83,95,100,129],"dynamic":[39],"infrastructure":[40],"involving":[41],"domains,":[42],"servers,":[43],"keys,":[45],"etc.":[46],"When":[47],"any":[48],"these":[50,101],"operations":[51],"changes,":[52],"information":[55],"in":[56,147],"certificate":[58,76,118,131],"becomes":[59],"stale":[60],"no":[62],"longer":[63],"accurately":[64],"reflects":[65],"reality.":[66],"In":[67],"this":[68],"work,":[69],"we":[70,124],"examine":[71,125],"broader":[73],"phenomenon":[74],"invalidation":[77],"events":[78,85],"discover":[80],"three":[81],"classes":[82],"security-relevant":[84],"third-party":[89],"impersonate":[91],"outside":[94],"their":[96],"control.":[97],"Longitudinal":[98],"measurement":[99],"precarious":[102,148],"scenarios":[103],"reveals":[104],"they":[106],"affect":[107],"over":[108],"15K":[109],"new":[110],"domains":[111],"per":[112],"day,":[113],"on":[114],"average.":[115],"Unfortunately,":[116],"modern":[117],"revocation":[119],"provides":[120],"little":[121],"recourse,":[122],"so":[123],"potential":[127],"impact":[128],"reducing":[130],"lifetimes":[132],"(cache":[133],"duration):":[134],"shortening":[135],"current":[137],"398-day":[138],"limit":[139],"90":[141],"days":[142],"yields":[143],"75%":[145],"decrease":[146],"access":[149],"valid":[151],"keys.":[153]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}