University of Twente Student Theses


Investigating Certification Authority Authorization Records' Effect on Existing Certificates

Pinke, T. E. (2020) Investigating Certification Authority Authorization Records' Effect on Existing Certificates.

[img] PDF
Abstract:Due to attacks on Certificate Authorities undermining the security provided by TLS certificates, auditing frameworks are gaining traction. This paper aims to investigate how existing certificates are affected by new CAA records. We combine data from both CAA records and CT logs at scale to identify cases in which certificates are retroactively affected by updated CAA records. We also investigate patterns and differences between CA operators and domain types regarding these occurrences. As there is little existing research in this area and CAA adoption has been relatively recent it is important to investigate edge cases in such a technology. Then we check upon these anomalies with a TLS scan to investigate whether these certificates are still in use. We find that only 33% of all CAA updates affect certificates after they have been issued while 2.7\% are retroactive and conflict with the issuer of the certificate. Among these anomalies the .pl, .in and .io top level domains appear more frequently as well as certificates issued by GoDaddy, GeoTrust and to a lesser extent GlobalSign and Amazon. Performing a TLS scan on identified cases reveals that the majority of certificates associated with these anomalies are no longer in use.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Programme:Computer Science BSc (56964)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page