Title | Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Stark, Emily, Sleevi, Ryan, Muminovic, Rijad, O'Brien, Devon, Messeri, Eran, Felt, Adrienne Porter, McMillion, Brendan, Tabriz, Parisa |
Conference Name | 2019 IEEE Symposium on Security and Privacy (SP) |
Date Published | May |
Keywords | Browsers, certificate transparency, Certificate-Transparency, composability, compositionality, Computed tomography, CT, Ecosystems, Error analysis, error rate, Google Chrome web browser, HTTPs, Human Behavior, human factors, Internet, malicious certificates, Metrics, misissued certificates, Monitoring, online front-ends, pubcrawl, resilience, Resiliency, search engines, security, security benefits, security of data, Servers, usable-security, Web Browser Security, Web sites, Web-PKI, websites |
Abstract | Certificate Transparency (CT) is an emerging system for enabling the rapid discovery of malicious or misissued certificates. Initially standardized in 2013, CT is now finally beginning to see widespread support. Although CT provides desirable security benefits, web browsers cannot begin requiring all websites to support CT at once, due to the risk of breaking large numbers of websites. We discuss challenges for deployment, analyze the adoption of CT on the web, and measure the error rates experienced by users of the Google Chrome web browser. We find that CT has so far been widely adopted with minimal breakage and warnings. Security researchers often struggle with the tradeoff between security and user frustration: rolling out new security requirements often causes breakage. We view CT as a case study for deploying ecosystem-wide change while trying to minimize end user impact. We discuss the design properties of CT that made its success possible, as well as draw lessons from its risks and pitfalls that could be avoided in future large-scale security deployments. |
DOI | 10.1109/SP.2019.00027 |
Citation Key | stark_does_2019 |