Tracking Certificate Misissuance in the Wild

Explore the systematic analysis of certificate errors in browser-trusted certificates through this IEEE Symposium on Security & Privacy presentation. Delve into the development and application of ZLint, a certificate linter that codifies CA/Browser Forum Baseline Requirements and RFC 5280 policies. Examine the drastic reduction in certificate errors since 2012, with only 0.02% of certificates containing errors in 2017. Investigate the disparity between large authorities consistently issuing correct certificates and the long tail of small authorities regularly producing non-conformant ones. Analyze the correlation between certificate errors and other types of mismanagement, as well as browser action for large authorities. Conclude by discussing how lint data can be utilized to identify authorities with concerning organizational practices and ensure the long-term health of the Web PKI.

Tracking Certificate Misissuance in the Wild