Journal paper accepted in IEEE Security & Privacy

Our paper "A Call to Reconsider Certification Authority Authorization (CAA)" has been accpeted for publication in IEEE Security & Privacy. Congrats Pouyan and Raphael! Certification Authority Authentication (CAA) is a safeguard against illegitimate certificate issuance. We show how shortcomings in CAA concepts and operational aspects undermine its effectiveness in preventing certificate misissuance. Our discussion reveals pitfalls and highlights best practices when designing security protocols based on DNS.

About IEEE Security & Privacy (S&P): IEEE Security & Privacy (S&P)’s mission is to be the best source of reliable, useful, peer-reviewed information for those aiming to understand how systems, data, and people are protected in a world of rapid technology evolution. This bimonthly magazine publishes articles that have clarity and context, targeting a wide audience who understand technology, from developers to executives, managers to policy-makers, and researchers interested in problems with practical impact. Peer-reviewed articles and columns by real-world experts illuminate all aspects of the field, including systems, attacks and defenses, software security, applied cryptography, usability, forensics, big data, ethics, biometrics, and more, with special issues focusing on targeted topics as well as issues devoted to key events and conferences.