[cabfpub] Research references for CAs

Ryan Sleevi sleevi at google.com
Mon Jun 18 07:16:04 MST 2018


*During our recent F2F, there were some questions from CAs and other
browsers about research that has informed some of the decisions on how the
Chrome UI, particularly the security UI, has evolved. Google has
participated in, as well as authored, several research studies that pertain
to these topics. In order to ensure the quality of methodology, scale, and
analysis, each of these papers underwent review by Conference committee or
a group of peers as defined by the publication venue.A list of some of the
peer-reviewed research published by Googlers in widely well-respected
journals and conferences: - Alice in Warningland: A Large-Scale Field Study
of Browser Security Warning Effectiveness
<https://ai.google/research/pubs/pub41323>- Your Reputation Precedes You:
History, Reputation, and the Chrome Malware Warning
<https://ai.google/research/pubs/pub42546>- Experimenting At Scale With
Google Chrome's SSL Warning <https://ai.google/research/pubs/pub41927>-
Improving SSL Warnings: Comprehension and Adherence
<https://ai.google/research/pubs/pub43265>- Rethinking Connection Security
Indicators <https://ai.google/research/pubs/pub45366>- A Week to Remember:
The Impact of Browser Warning Storage Policies
<https://ai.google/research/pubs/pub45374>- Where the Wild Warnings Are:
Root Causes of Chrome Certificate Errors
<https://ai.google/research/pubs/pub46359>- Measuring HTTPS adoption on the
web <https://ai.google/research/pubs/pub46197>- An Experience Sampling
Study of User Reactions to Browser Warnings in the Field
<https://blues.cs.berkeley.edu/wp-content/uploads/2018/01/chi18-warnings.pdf>-
152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy
Users <https://ai.google/research/pubs/pub46306>Additionally, in hallway
conversations, there were discussions about other research into the PKI
ecosystem. A few resources that CAs may not have been aware of, also
appearing in top-tier conferences and publications: - The Security Impact
of HTTPS Interception <https://zakird.com/papers/https_interception.pdf>- A
Search Engine Backed by Internet-Wide Scanning
<https://censys.io/static/censys.pdf>- Tracking Certificate Misissuance in
the Wild <https://zakird.com/papers/zlint.pdf>- Towards a Complete View of
the Certificate Ecosystem
<https://jhalderm.com/pub/papers/https-perspectives-imc16.pdf>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180618/4008cc44/attachment.html>


More information about the Public mailing list