Longitudinal characterization of X.509 revocation statuses : A framework for monitoring newly issued certificates from the most popular Certificate Transparency logs

Sammanfattning: The X.509 landscape is one of the cornerstones of the internet today. It is used to establish trust between entities online. Revocations of X.509 certificates are a vital part of the infrastructure to ensure that communicating parties can, in fact, be trusted. Today, these revocations are handled by Certificate Authorities who provide either an OCSP response or a CRL with the revocation status for their certificates. A framework was developed, written in Go, to enable longitudinal characterization of X.509 revocation statuses. We show that using the framework, it is possible to conduct a large scale analysis of X.509 certificates during an extended time. Using the data collected, we present preliminary analysis results and discuss the implications of the findings. We conclude that CAs, in general, behave similarly, with a few exceptions. Furthermore, we believe that large scale longitudinal analysis of revocation statuses provides a basis to hold CAs accountable and increase transparency in the X.509 landscape.