Trustworthy Name Resolution Using TLS Certificates with DoT-enabled Authoritative DNS Servers
T Murakami, K Shimabukuro, N Sato… - 2023 IEEE 47th …, 2023 - ieeexplore.ieee.org
… Therefore, in this paper, a trustworthy domain name resolution method using TLS certificates
… the DoT-based name resolution is extended to authoritative DNS servers and the certificate …
… the DoT-based name resolution is extended to authoritative DNS servers and the certificate …
PoliCert: Secure and flexible TLS certificate management
… ’s TLS PKI, we design and propose PoliCert, a log-based proposal that allows domains to
define policies governing the usage of their TLS certificates. … CAs and logs to resolve the issue. …
define policies governing the usage of their TLS certificates. … CAs and logs to resolve the issue. …
Here's my cert, so trust me, maybe? Understanding TLS errors on the web
D Akhawe, J Amann, M Vallentin… - Proceedings of the 22nd …, 2013 - dl.acm.org
… NSS’ chain resolution algorithm is lenient and can accept chains rejected by OpenSSL. This
… a certificate validates for a given hostname. Checking the hostname against the certificate is …
… a certificate validates for a given hostname. Checking the hostname against the certificate is …
Name Resolution
… As name resolution and path establishment are separate … We begin with an analysis of what
a name resolution service is … the TLS certificate against a pinned certificate for that server. …
a name resolution service is … the TLS certificate against a pinned certificate for that server. …
Attack-resilient TLS certificate transparency
… false certificate-issuance and ensures that a set of CAs validates every certificate before any
client will accept it. A certificate collectively approved by a set of CAs assures users that the …
client will accept it. A certificate collectively approved by a set of CAs assures users that the …
[PDF][PDF] Booters and Certificates: An Overview of TLS in the DDoS-as-a-Service Landscape
… of TLS certificates of current Booters. Further, we analyze the characteristics of the used of
TLS certificates (eg, certificate … , issuer and the validity of the certificate). To summarize, our con…
TLS certificates (eg, certificate … , issuer and the validity of the certificate). To summarize, our con…
Push away your privacy: Precise user tracking based on tls client certificate authentication
M Wachs, Q Scheitle, G Carle - 2017 Network Traffic …, 2017 - ieeexplore.ieee.org
… These names resolve to a variety of IP addresses in Apple’s … TLS CCA connections with
57,477 unique client certificates, of … certificates, we find 220 distinct issuer distinguished names (…
57,477 unique client certificates, of … certificates, we find 220 distinct issuer distinguished names (…
Toward secure name resolution on the internet
C Grothoff, M Wachs, M Ermert, J Appelbaum - Computers & Security, 2018 - Elsevier
… in RAINS proceeds along similar lines as in DNS, except network links use TLS (with
pinned certificates used to bootstrap), DNSSEC-style record signing is mandatory. The global …
pinned certificates used to bootstrap), DNSSEC-style record signing is mandatory. The global …
How to Measure TLS, X. 509 Certificates, and Web PKI: A Tutorial and Brief Survey
PF Tehrani, E Osterweil, TC Schmidt… - arXiv preprint arXiv …, 2024 - arxiv.org
… to measure TLS deployments, including X.509 certificates and Web … By surveying prior TLS
meaurement studies we find that … out of the top 1000 names in this list do not resolve to an IP …
meaurement studies we find that … out of the top 1000 names in this list do not resolve to an IP …
[PDF][PDF] The Case for Prefetching and Prevalidating TLS Server Certificates.
… that significantly speeds up the full TLS handshake. We discuss four certificate prefetching
strategies: (1) prefetch from DNS as part of a DNS domain-name resolution, (2) prefetch using …
strategies: (1) prefetch from DNS as part of a DNS domain-name resolution, (2) prefetch using …