Certificate Root Stores: An Area of Unity or Disparity?
Jegan Purushothaman, Ethan Thompson, AbdelRahman Abdou

TL;DR
This paper examines the disparities and lack of consensus among major organizations in maintaining certificate root stores, highlighting potential security concerns due to inconsistent trust policies.
Contribution
It provides an analysis of the differences in root store inclusion and trust policies among leading organizations, emphasizing the need for greater standardization.
Findings
Significant disparities exist in root store trust policies.
Government-owned certificates are inconsistently trusted.
The current trust model poses security risks.
Abstract
Organizations like Apple, Microsoft, Mozilla and Google maintain certificate root stores, which are used as trust anchors by their software platforms. Is there sufficient consensus on their root-store inclusion and trust policies? Disparities appear astounding, including in the government-owned certificates that they trust. Such a status quo is alarming.
Taxonomy
Topics: Outsourcing and Supply Chain Management
