Certificate transparency policy (google groups). groups.google.com/a/chromium.org/forum/#!forum/ct-policy.
 Heather Adkins. An update on attempted man-in-the-middle attacks, 2011. security.googleblog.com/2011/08/update-on-attempted-man-in-middle.html.
 David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, and Pawel Szalachowski. Arpki: Attack resilient public-key infrastructure. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 382–393. ACM, 2014.Google Scholar
 David A. Basin, Cas J. F. Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, and Pawel Szalachowski. ARPKI: attack resilient public-key infrastructure. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, pages 382–393, 2014.Google Scholar
 Dan Boneh, Xavier Boyen, and Hovav Shacham. Short group signatures. In Advances in Cryptology - CRYPTO 2004, 24th Annual International CryptologyConference, Santa Barbara, California, USA, August 15-19, 2004, Proceedings, pages 41–55, 2004.Google Scholar
 Fabrice Boudot. Efficient proofs that a committed number lies in an interval. In Advances in Cryptology - EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000, Proceeding, pages 431–444, 2000.Google Scholar
 Stefan Brands. Rapid demonstration of linear relations connected by boolean operators. In Advances in Cryptology - EUROCRYPT ’97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, May 11-15, 1997, Proceeding, pages 318–333, 1997.Google Scholar
 Jan Camenisch, Rafik Chaabouni, and Abhi Shelat. Efficient protocols for set membership and range proofs. In Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings, pages 234–252, 2008.Google Scholar
 Jan Camenisch and Anna Lysyanskaya. A signature scheme with efficient protocols. In Security in Communication Networks, Third International Conference, SCN 2002, Amalfi, Italy, September 11-13, 2002. Revised Papers, pages 268–289, 2002.Google Scholar
 Jan Camenisch and Anna Lysyanskaya. Signature schemes and anonymous credentials from bilinear maps. In Advances in Cryptology - CRYPTO 2004, 24th Annual International CryptologyConference, Santa Barbara, California, USA, August 15-19, 2004, Proceedings, pages 56–72, 2004.Google Scholar
 Jan Camenisch and Markus Michels. Proving in zero-knowledge that a number is the product of two safe primes. In Advances in Cryptology - EUROCRYPT ’99, International Conference on the Theory and Application of Cryptographic Techniques, Prague, Czech Republic, May 2-6, 1999, Proceeding, pages 107–122, 1999.Google Scholar
 Melissa Chase and Sarah Meiklejohn. Transparency overlays and applications. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 168–179, 2016.Google Scholar
 David Chaum, Jan-Hendrik Evertse, and Jeroen van de Graaf. An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In Advances in Cryptology - EUROCRYPT ’87, Workshop on the Theory and Application of of Cryptographic Techniques, Amsterdam, The Netherlands, April 13-15, 1987, Proceedings, pages 127–141, 1987.Google Scholar
 David Chaum and Torben P. Pedersen. Wallet databases with observers. In Advances in Cryptology - CRYPTO ’92, 12th Annual International Cryptology Conference, Santa Barbara, California, USA, August 16-20, 1992, Proceedings, pages 89–105, 1992.Google Scholar
 Laurent Chuat, Pawel Szalachowski, Adrian Perrig, Ben Laurie, and Eran Messeri. Efficient gossip protocols for verifying the consistency of certificate logs. In 2015 IEEE Conference on Communications and Network Security, CNS 2015, Florence, Italy, September 28-30, 2015, pages 415–423, 2015.Google Scholar
 Jeremy Clark and Paul C. van Oorschot. Sok: SSL and HTTPS: revisiting past challenges and evaluating certificate trust model enhancements. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, May 19-22, 2013, pages 511–525, 2013.Google Scholar
 Gaby G. Dagher, Benedikt Bünz, Joseph Bonneau, Jeremy Clark, and Dan Boneh. Provisions: Privacy-preserving proofs of solvency for bitcoin exchanges. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-6, 2015, pages 720–731, 2015.Google Scholar
 Ivan Damgård and Eiichiro Fujisaki. An integer commitment scheme based on groups with hidden order. IACR Cryptology ePrint Archive, 2001:64, 2001.Google Scholar
 Benjamin Dowling, Felix Günther, Udyani Herath, and Douglas Stebila. Secure logging schemes and certificate transparency. In Computer Security - ESORICS 2016 - 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26-30, 2016, Proceedings, Part II, pages 140–158, 2016.Google Scholar
 Peter Eckersley. Sovereign keys: A proposal to make https and email more secure. Electronic Frontier Foundation, 18, 2011.Google Scholar
 Mohammad Etemad and Alptekin Küpçü. Efficient Key Authentication Service for Secure End-to-End Communications, pages 183–197. Springer International Publishing, Cham, 2015.Google Scholar
 C. Evans, C. Palmer, and R. Sleevi. Public key pinning extension for http. RFC 7469, April 2015.Google Scholar
 Sascha Fahl, Sergej Dechand, Henning Perl, Felix Fischer, Jaromir Smrcek, and Matthew Smith. Hey, NSA: stay away from my market! future proofing app markets against powerful attackers. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, pages 1143–1155, 2014.Google Scholar
 Electronic Frontier Foundation. Sovereign keys. www.eff.org/sovereign-keys.
 Sharon Goldberg, Moni Naor, Dimitrios Papadopoulos, and Leonid Reyzin. NSEC5 from elliptic curves: Provably preventing DNSSEC zone enumeration with shorter responses. IACR Cryptology ePrint Archive, 2016:83, 2016.Google Scholar
 P. Hoffman and J. Schlyter. The dns-based authentication of named entities (dane) transport layer security (tls) protocol: Tlsa. RFC 6698, August 2012.Google Scholar
 James Kasten, Eric Wustrow, and J Alex Halderman. Cage: Taming certificate authorities by inferring restricted scopes. In International Conference on Financial Cryptography and Data Security, pages 329–337. Springer, 2013.CrossrefGoogle Scholar
 Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perrig, Collin Jackson, and Virgil D. Gligor. Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure. In 22nd International World Wide Web Conference, WWW ’13, Rio de Janeiro, Brazil, May 13-17, 2013, pages 679–690, 2013.Google Scholar
 Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perring, Collin Jackson, and Virgil Gligor. Accountable key infrastructure (aki): a proposal for a public-key validation infrastructure. In Proceedings of the 22nd international conference on World Wide Web, pages 679–690. ACM, 2013.Google Scholar
 B. Laurie and E. Kasper. Revocation transparency. www.links.org/files/RevocationTransparency.pdf.
 B. Laurie, A. Langley, and E. Kasper. Certificate transparency. RFC 6962, June 2013.Google Scholar
 B. Laurie, A. Langley, E. Kasper, E. Messeri, and R. Stradling. Certificate transparency version 2.0. RFC-bis 6962-bis, 2017.Google Scholar
 Ben Laurie. Improving ssl certificate security, 2011. security.googleblog.com/2011/04/improving-ssl-certificate-security.html.
 Moxie Marlinspike and Trevor Perrin. Trust assertions for certificate keys. tack.io/draft.html, 2013.
 Sarah Meiklejohn, C. Christopher Erway, Alptekin Küpçü, Theodora Hinkle, and Anna Lysyanskaya. ZKPDL: A language-based system for efficient zero-knowledge proofs and electronic cash. In 19th USENIX Security Symposium, Washington, DC, USA, August 11-13, 2010, Proceedings, pages 193–206, 2010.Google Scholar
 Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten, and Michael J. Freedman. CONIKS: bringing key transparency to end users. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015., pages 383–398, 2015.Google Scholar
 Andrew Miller, Michael Hicks, Jonathan Katz, and Elaine Shi. Authenticated data structures, generically. In ACM SIGPLAN Notices, volume 49, pages 411–423. ACM, 2014.Google Scholar
 Namecoin. namecoin.org.Google Scholar
 Torben P. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In Advances in Cryptology - CRYPTO ’91, 11th Annual International Cryptology Conference, Santa Barbara, California, USA, August 11-15, 1991, Proceedings, pages 129–140, 1991.Google Scholar
 Roel Peeters and Tobias Pulls. Insynd: Improved privacy-preserving transparency logging. In Computer Security - ESORICS 2016 - 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26-30, 2016, Proceedings, Part II, pages 121–139, 2016.Google Scholar
 Tobias Pulls and Roel Peeters. Balloon: A forward-secure append-only persistent authenticated data structure. In Computer Security - ESORICS 2015 - 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part II, pages 622–641, 2015.Google Scholar
 Ronald L. Rivest. Can we eliminate certificate revocations lists? In Financial Cryptography, Second International Conference, FC’98, Anguilla, British West Indies, February 23-25, 1998, Proceedings, pages 178–183, 1998.Google Scholar
 Mark Dermot Ryan. Enhanced certificate transparency and end-to-end encrypted mail. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014, 2014.Google Scholar
 Claus-Peter Schnorr. Efficient signature generation by smart cards. J. Cryptology, 4(3):161–174, 1991.Google Scholar
 Abhishek Singh, Binanda Sengupta, and Sushmita Ruj. Certificate transparency with enhancements and short proofs. 2017.Google Scholar
 R. Stradling and E. Messeri. Certificate transparency: Domain label redaction. Internet-draft, 2017.Google Scholar
 Emin Topalovic, Brennan Saeta, Lin shung Huang, Collin Jackson, and Dan Boneh. Towards short-lived certificates. In W2SP, 2012.Google Scholar
 Jelle van den Hooff, M. Frans Kaashoek, and Nickolai Zeldovich. Versum: Verifiable computations over large public logs. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, pages 1304–1316, 2014.Google Scholar
 Dan Wendlandt, David G. Andersen, and Adrian Perrig. Perspectives: improving ssh-style host authentication with multi-path probing. In 2008 USENIX Annual Technical Conference, Boston, pages 321–334, 2008.Google Scholar
 Andrew Whalley. Distrusting wosign and startcom certificates, 2016. security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html.
 J. Yu, M. Ryan, and C. Kremers. Decim: Detecting endpoint compromise in messaging. IACR Cryptology ePrint Archive, 2015, 2015.Google Scholar
About the article
Published Online: 2017-10-10
Published in Print: 2017-10-01
Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2017, Issue 4, Pages 329–344, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2017-0052.
© 2017 Saba Eskandarian et al., published by De Gruyter Open. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License. BY-NC-ND 3.0