[44]
[n.d.]. crypto: add deprecated ValiCert CA for cross cert. https://github.com/
nodejs/node/pull/1135.
[45] [n.d.]. Debian ca-certicates. https://salsa.debian.org/debian/ca-certicates.
[46] [n.d.]. Docker hub: alpine. https://hub.docker.com/_/alpine/.
[47] [n.d.]. Docker hub: amazonlinux. https://hub.docker.com/_/amazonlinux.
[48] [n.d.]. Erlang OTP SSL. https://github.com/erlang/otp/tree/master/lib/ssl.
[49] [n.d.]. GnuTLS. https://gitlab.com/gnutls/gnutls/blob/master/README.md.
[50]
com/a/mozilla.org/g/dev-security-policy.
[51]
[n.d.]. Google Groups: mozilla.dev.security.policy. https://groups.google.com/g/
mozilla.dev.security.policy.
[52]
[n.d.]. Java SE CA Root Certicate Program. https://www.oracle.com/java/
technologies/javase/carootcertsprogram.html.
[53] [n.d.]. LibreSSL libtls. https://cvsweb.openbsd.org/src/lib/libtls/.
[54] [n.d.]. MatrixSSL. https://github.com/matrixssl/matrixssl.
[55] [n.d.]. Mbed TLS. https://github.com/ARMmbed/mbedtls.
[56]
[n.d.]. Microsec new (ECC) Root Inclusion Request. https://bugzilla.mozilla.org/
show_bug.cgi?id=1445364.
[57] [n.d.]. Mozilla CA/FAQ. https://wiki.mozilla.org/CA/FAQ.
[58] [n.d.]. Network Security Services (NSS). https://hg.mozilla.org/projects/nss.
[59] [n.d.]. NodeJS. https://github.com/nodejs/node.
[60] [n.d.]. OkHttp. https://github.com/square/okhttp.
[61] [n.d.]. OpenJDK. http://hg.openjdk.java.net/.
[62] [n.d.]. OpenJDK source. https://github.com/openjdk/.
[63] [n.d.]. OpenSSL. https://github.com/openssl/openssl.
[64]
[n.d.]. Removed CA Certicate List. https://ccadb-public.secure.force.com/
mozilla/RemovedCACerticateReport.
[65]
[n.d.]. Review Request: ca-cacert.org - CAcert.org CA root certicates. https://
bugzilla.redhat.com/show_bug.cgi?id=474549.
[66]
[n.d.]. Root certicates used by Opera. https://web.archive.org/web/
20150207210358/http://www.opera.com/docs/ca/.
[67] [n.d.]. RSA BSAFE. https://community.rsa.com/community/products/bsafe.
[68] [n.d.]. s2n. https://github.com/awslabs/s2n.
[69] [n.d.]. Secure Transport. https://opensource.apple.com/source/Security/.
[70]
[n.d.]. Secure Transport. https://developer.apple.com/documentation/security/
secure_transport.
[71]
[n.d.]. Super-CAs. https://wiki.mozilla.org/CA/Subordinate_CA_Checklist#
Super-CAs.
[72]
[n.d.]. Symantec root certs - Set CKA_NSS_SERVER_DISTRUST_AFTER. https://
bugzilla.mozilla.org/show_bug.cgi?id=1618404.
[73]
[n.d.]. Ubuntu ca-certicates. https://launchpad.net/ubuntu/+source/ca-
certicates.
[74] [n.d.]. wolfSSL. https://github.com/wolfSSL/wolfssl.
[75]
2005. Apple Root Certicate Program. https://web.archive.org/web/
20050503225244/http://www.apple.com/certicateauthority/ca_program.html.
[76]
2010. Windows root certicate program members. https://web.archive.org/web/
20110728002957/http://support.microsoft.com/kb/931125.
[77] 2011. Security Update 2011-005. https://support.apple.com/kb/dl1447.
[78]
2015. The MCS Incident and Its Consequences for CNNIC. https://blog.mozilla.
org/security/les/2015/04/CNNIC-MCS.pdf.
[79]
2018. Electron’s chromium is trusting dierent CAs then Electron’s NodeJS.
https://github.com/electron/electron/issues/11741.
[80]
2018. Implement the Symantec distrust plan from
Bug 1409257. https://hg.mozilla.org/mozreview/gecko/rev/
f6c9341fde050d7079a8934636644aaf54bde922.
[81]
2018. Secure Channel. https://docs.microsoft.com/en-us/windows/win32/
secauthn/secure-channel.
[82]
Heather Adkins. 2011. An update on attempted man-in-the-middle at-
tacks. https://security.googleblog.com/2011/08/update-on-attempted-man-in-
middle.html.
[83]
Bernhard Amann, Robin Sommer, Matthias Vallentin, and Seth Hall. 2013. No
attack necessary: The surprising dynamics of SSL trust relationships. In 29th
Annual Computer Security Applications Conference.
[84]
Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, and Prateek
Mittal. 2018. Bamboozling Certicate Authorities with BGP. In 27th USENIX
Security Symposium (USENIX Security).
[85]
Johannes Braun and Gregor Rynkowski. 2013. The potential of an individualized
set of trusted CAs: Defending against CA failures in the Web PKI. In International
Conference on Social Computing. IEEE.
[86]
Taejoong Chung, Yabing Liu, David Chones, Dave Levin, Bruce MacDowell
Maggs, Alan Mislove, and Christo Wilson. 2016. Measuring and applying
invalid SSL certicates: the silent majority. In 16th ACM Internet Measurement
Conference.
[87]
Jeremy Clark and Paul C Van Oorschot. 2013. SoK: SSL and HTTPS: Revisiting
past challenges and evaluating certicate trust model enhancements. In 34th
IEEE Symposium on Security and Privacy.
[88]
Jon Douglas. [n.d.]. Incident: NuGet Restore Issues on Debian Family Linux
Distros. https://github.com/NuGet/Announcements/issues/49.
[89]
Zakir Durumeric, James Kasten, Michael Bailey, and J Alex Halderman. 2013.
Analysis of the HTTPS certicate ecosystem. In 13th ACM Internet Measurement
Conference.
[90]
Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan,
Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson. 2017. The
Security Impact of HTTPS Interception. In Network & Distributed System Security
Symposium (NDSS ’17).
[91]
Jens Hiller, Johanna Amann, and Oliver Hohlfeld. 2020. The Boon and Bane of
Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastruc-
tures. In 27th ACM Conference on Computer and Communications Security.
[92]
Ralph Holz, Lothar Braun, Nils Kammenhuber, and Georg Carle. 2011. The SSL
Landscape: A Thorough Analysis of the X.509 PKI Using Active and Passive
Measurements. In 11th ACM Internet Measurement Conference.
[93]
James Kasten, Eric Wustrow, and J Alex Halderman. 2013. CAge: Taming
certicate authorities by inferring restricted scopes. In International Conference
on Financial Cryptography and Data Security.
[94]
Je Kline, Paul Barford, Aaron Cahn, and Joel Sommers. 2017. On the structure
and characteristics of user agent string. In 17th Internet Measurement Conference.
[95]
Nikita Korzhitskii and Niklas Carlsson. 2020. Characterizing the Root Landscape
of Certicate Transparency Logs. In IFIP Networking Conference (Networking).
[96]
Deepak Kumar, Zhengping Wang, Matthew Hyder, Joseph Dickinson, Gabrielle
Beck, David Adrian, Joshua Mason, Zakir Durumeric, J Alex Halderman, and
Michael Bailey. 2018. Tracking certicate misissuance in the wild. In 39th IEEE
Symposium on Security and Privacy.
[97]
Ben Laurie, Adam Langley, and Emilia Kasper. 2013. Certicate Transparency.
RFC 6962. https://rfc-editor.org/rfc/rfc6962.txt
[98]
Zane Ma, Joshua Mason, Manos Antonakakis, Zakir Durumeric, and Michael
Bailey. 2021. What’s in a Name? Exploring CA Certicate Control. In 30th
USENIX Security Symposium (USENIX Security ’21).
[99] Mozilla. [n.d.]. Common CA Database. https://www.ccadb.org/.
[100]
Mozilla. [n.d.]. WoSign and StartCom. https://docs.google.com/document/d/
1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/edit.
[101]
Johnathan Nightingale. 2011. DigiNotar Removal Follow Up. https://blog.
mozilla.org/security/2011/09/02/diginotar-removal-follow-up/.
[102]
Johnathan Nightingale. 2011. Fraudulent *.google.com Certicate. https://
blog.mozilla.org/security/2011/08/29/fraudulent-google-com-certicate/.
[103]
Devin O’Brien, Ryan Sleevi, and Andrew Whalley. [n.d.]. Chrome Plan
to Distrust Symantec Certicates. https://security.googleblog.com/2017/09/
chromes-plan-to-distrust-symantec.html.
[104]
F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M.
Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D.
Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay. 2011. Scikit-learn:
Machine Learning in Python. Journal of Machine Learning Research 12 (2011),
2825–2830.
[105]
Henning Perl, Sascha Fahl, and Matthew Smith. 2014. You won’t be needing these
any more: On removing unused certicates from trust stores. In International
Conference on Financial Cryptography and Data Security.
[106]
Ryan Sleevi. [n.d.]. Announcing the Chrome Root Program. https://groups.
google.com/g/mozilla.dev.security.policy/c/3Q36J4nQs/m/VyWFiVwrBQAJ.
[107]
Rob Stradling. [n.d.]. authroot.stl. https://github.com/robstradling/authroot.stl.
[108]
Wayne Thayer. [n.d.]. DarkMatter Concerns. https://groups.google.com/g/
mozilla.dev.security.policy/c/nnLVNfqgz7g/m/TseYqDzaDAAJ.
[109]
Narseo Vallina-Rodriguez, Johanna Amann, Christian Kreibich, Nicholas Weaver,
and Vern Paxson. 2014. A Tangled Mass: The Android Root Certicate Stores.
In 10th ACM Conference on emerging Networking Experiments and Technologies.
[110]
Benjamin VanderSloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric,
Michael Bailey, and J Alex Halderman. 2016. Towards a complete view of the
certicate ecosystem. In 16th ACM Internet Measurement Conference.
[111]
Louis Waked, Mohammad Mannan, and Amr Youssef. 2018. To intercept or
not to intercept: Analyzing TLS interception in network appliances. In Asia
Conference on Computer and Communications Security.
[112]
Ben Wilson. [n.d.]. Quantifying the Value of Adding a New CA. https://
groups.google.com/a/mozilla.org/g/dev-security-policy/c/LT_5efOFsSU.
[113]
Kathleen Wilson. 2016. https://blog.mozilla.org/security/2016/10/24/distrusting-
new-wosign-and-startcom-certicates/.
13