[1] Microsoft. Microsoft security bulletin MS01-017: Erroneous veriSign-issued digital certificates pose spoofing Hazard [OL]. (2003-06-23) [2018-10-15]. https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-017
[2] Mike Z. Criminal charges are not pursued: Hacking PKI [OL]. (2008) [2018-10-15]. https://defcon.org/images/defcon-17/dc-17-presentations/defcon-17-zusman-hacking_pki.pdf
[3] SSL Shopper. SSL certificate for Mozilla.com issued without validation [OL]. (2008-12-23) [2018-10-15]. https://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html
[4] Google Security Blog. Enhancing digital certificate security [OL]. (2013-01-03) [2018-10-15]. https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html
[5] Google Security Blog. Further improving digital certificate security [OL]. (2013-12-07) [2018-10-15]. https://security.googleblog.com/2013/12/further-improving-digital-certificate.html
[6] Google Security Blog. Sustaining digital certificate security[OL]. (2015-10-28) [2018-10-15]. https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html
[7] Ryan Sleevi. Intent to deprecate and Remove: Trust in existing symantec-issued certificates [OL]. (2017-03-24) [2018-10-15]. https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/eUAKwjihhBs/rpxMXjZHCQAJ
[8] Darin Fisher. Intent to deprecate and remove: Trust in existing symantec-issued certificates [OL]. (2017-03-24) [2018-10-15]. https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs%5B251-275%5D
[9] Ivan Ristić. Monitoring of symantec certificates. [OL]. (2017-08-15) [2018-10-15]. https://www.hardenize.com/blog/monitoring-of-symantec-certificates
[10] Mozilla Security Blog. Comodo certificate issue – Follow up [OL]. (2011-03-25) [2018-10-15]. https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up/
[11] VASCO Data Security International Inc. DigiNotar reports security incident [OL]. (2011-08-30) [2018-10-15]. https://www.vasco.com/about-vasco/press/2011/news_diginotar_reports_security_incident.html
[12] CA Security. In the wake of unauthorized certificate issuance by the Indian CA NIC, can government CAs still be considered “Trusted Third Parties” [OL]. (2014-07-24) [2018-10-15]. https://casecurity.org/2014/07/24/unauthorized-certificate-issuance/
[13] Google. Maintaining digital certificate security [OL]. (2014-07-08) [2018-10-15]. https://security.googleblog.com/2014/07/maintaining-digital-certificate-security.html
[14] Alexander S, Marc S, Jacob A, et al. MD5 considered harmful today [OL]. (2008-12-30) [2018-10-15]. http://www.win.tue.nl/hashclash/rogue-ca/
[15] Wikipedia. Flame (malware) [OL]. (2018-11-21) [2018-12-11]. https://en.wikipedia.org/wiki/Flame_(malware)
[16] Evans C, Palmer C, Sleevi R. Public key pinning extension for HTTP [S/OL]. IETF RFC 7469, 2015[2018-10-15]. https://tools.ietf.org/html/rfc7469
[17] Modell M, Toth G, Loesch C, et al. Certificate patrol [OL]. 2014[2018-12-11]. http://patrol.psyced.org/
[18] Marlinspike M, Perrin T. Trust assertions for certificate keys [OL]. (2013-01-07) [2018-10-15]. http://tack.io/draft.html
[19] Braun J, Volk F, Classen J, et al. CA trust management for the Web PKI [J]. Journal of Computer Security, 2014, 22(6):913-959
[20] Abadi M, Birrell A, Mironov I, et al. Global authentication in an untrustworthy world [C] //Proc of the 16th USENIX Conf on Hot Topics in Operating Systems. Berkeley: USENIX Association, 2013:19-19
[21] Kasten J, Wustrow E, Halderman J A. Cage: Taming certificate authorities by inferring restricted scopes [C]//Proc of the 17th Int Conf on Financial Cryptography and Data Security. Berlin: Springer, 2013: 329-337
[22] Amann J, Gasser O, Scheitle Q, et al. Mission accomplished?: HTTPS security after diginotar [C] //Proc of the 2017 Internet Measurement Conf. New York: ACM, 2017:325-340
[23] Schlyter J, Hoffman P. The DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA [S]. IETF RFC 6698, 2012[2018-10-15]. https://tools.ietf.org/html/rfc6698
[24] Hallam-Baker P, Stradling R. DNS certification authority authorization (CAA) resource record [S]. IETF RFC 6844, 2013[2018-10-15]. https://tools.ietf.org/html/rfc6844
[25] Larson M, Massey D, Rose S, et al. DNS security introduction and requirements [S]. IETF RFC 4033, 2005[2018-10-15]. https://tools.ietf.org/html/rfc4033
[26] Ateniese G, Mangard S. A new approach to DNS security (DNSSEC) [C] //Proc of the 8th ACM Conf on Computer and Communications Security. New York: ACM, 2001: 86-95
[27] Laurie B, Langley A, Kasper E. Certificate transparency [S]. IETF RFC 6962, 2013[2018-10-15]. https://tools.ietf.org/html/rfc6962
[28] Kim H J, Huang L S, Perring A, et al. Accountable key infrastructure (AKI): A proposal for a public-key validation infrastructure [C] //Proc of the 22nd Int World Wide Web Conf on Steering Committee. New York: ACM, 2013: 679-690
[29] Basin D, Cremers C, Kim H J, et al. ARPKI: Attack Resilient Public-Key Infrastructure [C]//Proc of the 2014 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2014: 382-393
[30] Nykvist C, Sjöström L, Gustafsson J, et al. Server-Side adoption of certificate transparency [C]//Proc of the 19th Int Conf on Passive and Active Network Measurement. Berlin: Springer, 2018: 186-199
[31] Dark Reading Reports. DigiCert announces certificate transparency support [OL]. (2013-09-24) [2018-10-15]. https://web.archive.org/web/20131010015324/http://www.darkreading.com/privacy/digicert-announces-certificate-transpare/240161779
[32] Google. Certificate Transparency [OL]. 2013 [2018-10-15]. https://www.certificate-transparency.org/
|