Towards a Complete View of the Certificate Ecosystem

Title: Towards a Complete View of the Certificate Ecosystem
Publication Type: Conference Paper
Year of Publication: 2016
Authors: VanderSloot, B., Amann J., Bernhard M., Durumeric Z., Bailey M., & J. Halderman A.
Published in: Proceedings of 16th Internet Measurement Conference (IMC'16)
Date Published: 10/2016

The HTTPS certificate ecosystem has been of great interest to the measurement and security communities. Without any ground truth, researchers have attempted to study this PKI from a variety of fragmented perspectives, including passively monitored networks, scans of the popular domains or the IPv4 address space, search engines such as Censys, and Certificate Transparency (CT) logs. In this work, we comparatively analyze all these perspectives. We find that aggregated CT logs and Censys snapshots have many properties that complement each other, and that together they encompass over 99% of all certificates found by any of these techniques. However, they still miss 1.5% of certificates observed in a crawl of all domains in .com, .net, and .org. We go on to illustrate how this combined perspective affects results from previous studies. In light of these findings, we have worked with the operators of Censys to incorporate CT log data into its results going forward, and we recommend that future HTTPS measurement adopt this new vantage.

ICSI Research Group

Networking and Security