Certificate Transparency in Google Chrome: Past, Present, and Future

Stark, Emily; DeBlasio, Joe; O’Brien, Devon

doi:10.1109/msec.2021.3103461

Cited by 9 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is not an appropriate threat model for many cases where it can be assumed that processes may not be followed honestly and systems may be faulty. Moreover, because zero-knowledge proofs obfuscate practically all information, their use is very limited to investigate misbehaviour that would involve nuanced details [57].…”

Section: Compliance Based Auditingmentioning

confidence: 99%

Transparency, Compliance, And Contestability When Code Is(n't) Law

Hicks¹

2022

Preprint

View full text Add to dashboard Cite

Both technical security mechanisms and legal processes serve as mechanisms to deal with misbehaviour according to a set of norms. While they share general similarities, there are also clear differences in how they are defined, act, and the effect they have on subjects. This paper considers the similarities and differences between both types of mechanisms as ways of dealing with misbehaviour, and where they interact with each other. Taking into consideration the idea of code as law, we discuss accountability mechanisms for code, and how they must relate to both security principles and legal principles. In particular, we identify the ability to contest norms enforced by code as an important part of accountability in this context. Based on this analysis, we make the case for transparency enhancing technologies as security mechanisms that can support legal processes, in contrast to other types of accountability mechanisms for code. We illustrate this through two examples based on recent court cases that involved Post Office in the United Kingdom and Uber in the Netherlands, and discuss some practical considerations.

show abstract

Section: Compliance Based Auditingmentioning

confidence: 99%

Transparency, Compliance, And Contestability When Code Is(n't) Law

Hicks¹

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…This can be mitigated by using zero-knowledge proofs to allow the browser to prove to a browser vendor (e.g., Google) that it knows a signed certificate timestamp signed by a log server (without revealing it) despite the log omitting this certificate, therefore showing that the log does not have integrity [64]. This approach has downsides, however, as this would require changes to log implementations and APIs, and obfuscate details in the investigation of log misbehaviour [181], which shows the tension between operating the system and user privacy goals.…”

Section: Certificate Transparencymentioning

confidence: 99%

Transparency Enhancing Technologies to Make Security Protocols Work for Humans

Hicks

Murdoch

2020

Security Protocols XXVII

View full text Add to dashboard Cite

As computer systems are increasingly relied on to make decisions that will have significant consequences, it has also become important to provide not only standard security guarantees for the computer system but also ways of explaining the output of the system in case of possible errors and disputes. This translates to new security requirements in terms of human needs rather than technical properties. For some context, we look at prior disputes regarding banking security and the ongoing litigation concerning the Post Office's Horizon system, discussing the difficulty in achieving meaningful transparency and how to better evaluate available evidence.

show abstract