Certification Authorities Under Attack: A Plea for Certificate Legitimation

@article{Oppliger2014CertificationAU,
  title={Certification Authorities Under Attack: A Plea for Certificate Legitimation},
  author={Rolf Oppliger},
  journal={IEEE Internet Computing},
  year={2014},
  volume={18},
  pages={40-47}
}
Several recent attacks against certification authorities (CAs) and fraudulently issued certificates have put the security and usefulness of the Internet public-key infrastructure (PKI) at stake. In this article, the author argues that such attacks are likely to occur repeatedly and that respective countermeasures must be designed, implemented, and put in place. In particular, he discusses two problem areas in which countermeasures are needed: certificate revocation and certificate authorization…
This paper has 17 citations.

Referenced Papers

Publications referenced by this paper.
Showing 1-10 of 20 references

Sheeri, “Public Key Pinning Extension for HTTP”

  • C. Evans, C. Palmer
  • IETF Internet draft, work in progress
  • 2013

Certificate Authority Transparency and Auditability

  • B. Laurie, A. Langley
  • white paper
  • 2011

Defeating OCSP with the Character ‘3’

  • M. Marlinspike
  • 2009

MD5 Considered Harmful Today: Creating a Rogue CA Certificate

  • A. Sotirov
  • tech. report, Eindhoven Univ. Tech.
  • 2008
