no domain left behind
play

No domain left behind is Lets Encrypt democratizing encryption? M. - PowerPoint PPT Presentation

Nov 03, 2022 •97 likes •292 views

. . . . . . . . . . . . . . No domain left behind is Lets Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyski 2 , G. Moura 3 1 National Cyber Security Centre The Netherlands 2 Delft University of Technology The

  1. . . . . . . . . . . . . . . No domain left behind is Let’s Encrypt democratizing encryption? M. Aertsen 1 , M. Korzyński 2 , G. Moura 3 1 National Cyber Security Centre The Netherlands 2 Delft University of Technology The Netherlands 3 SIDN Labs The Netherlands . . . . . . . . . . . . . . . . . . . . . . . . . . ICANN58, Tech day

  2. . . . . . . . . . . . . . . . . More than half of web traffjc nowadays is encrypted Yet that leaves out a lot of people without HTTPS Firefox telemetry 1 Chrome telemetry 2 1 https://telemetry.mozilla.org/ , plot based on Let’s Encrypt stats page . . . . . . . . . . . . . . . . . . . . . . . . 2 https://www.google.com/transparencyreport/https/metrics/

  3. . . . . . . . . . . . . . . . . . Certifjcates are required for encryption on the web Obtaining and deploying certifjcates is not free 3 https://letsencrypt.org 4 https://ietf-wg-acme.github.io/acme/ . . . . . . . . . . . . . . . . . . 5 https://certbot.eff.org/ . . . . . ▶ Cost: purchase, deployment and renewal ▶ Complexity: request, deployment (at scale) Let’s Encrypt 3 aims to make encrypted traffjc ubiquitous ▶ Reducing certifjcate cost of purchase, renewal to zero ▶ Automation of request, issuance and deployment (ACME: protocol 4 and clients, e.g. Certbot 5 )

  4. . . . . . . . . . . . . . . . . No domain left behind Is Let’s Encrypt democratizing encryption? Research question “In its fjrst year of certifjcate issuance, has Let’s Encrypt been successful in democratizing encryption?” Approach . . . . . . . . . . . . . . . . . . . . . . . . ▶ Analyze issuance in the fjrst year of Let’s Encrypt ▶ Show adoption trend from various perspectives ▶ Analyze coverage for the lower-cost end of the market

  5. . . . . . . . . . . . . . . . Contribution We show that players Encrypt certifjed domains (shared hosting) their fjrst expiration (90 days) And fjnd that . . . . . . . . . . . . . . . . . . . . . . . . . Let’s Encrypt has indeed started to democratize encryption. ▶ 98% of certifjcates are issued outside Alexa 1M ▶ yet issuance is not restricted to lower end of the market ▶ Let’s Encrypt ’s growth is attributed to adoption by major ▶ 3 hosting providers are responsible for 47% of the Let’s ▶ Issuance is dominantly for the lower-cost end of the market ▶ The majority of certifjcates are correctly renewed after

  6. . . . . . . . . . . . . Methodology . Period covered One year of Let’s Encrypt certifjcate issuance, Sept 2015-2016 Results based on FQDNs reduced to 2LD/3LD form depending on availability per TLD registry Datasets Certifjcates Certifjcate transparency Domain to IP mapping Farsight DNSDB Organization mapping Methodology from previous work, us- . . . . . . . . . . . . . . . . . . . . . . . . . . . ing whois data & Maxmind GEOIP2 ▶ e.g. example.org (2LD) or example.co.uk (3LD),

  7. . . . . . . . . . . . . . . . . . . 98% of certifjcates are issued outside Alexa 1M … . . . . . . . . . . . . . . . . . . . . . . % of total usage of Let's Encrypt 100% Alexa 1M Alexa 100k 10% Alexa 10k Alexa 1k 1% 0.1% 0.01% 0.001% Sep '15 Nov '15 Jan '16 Mar '16 May '16 Jul '16 Sep '16

  8. . . . . . . . . . . . . . . . . . . …yet issuance is not restricted to lower end of market . . . . . . . . . . . . . . . . . . . . . . % of domains using Let's Encrypt 20% Alexa 1M Alexa 100k Alexa 10k 15% Alexa 1k DNSDB 10% 5% 0% Sep '15 Nov '15 Jan '16 Mar '16 May '16 Jul '16 Sep '16

  9. . . . . . . . . . . . . . . . . . Growth is attributed to adoption by major players 3 hosting providers are responsible for 47% of the Let’s Encrypt certifjed domains November 2015 . . . . . . . . . . . . . . . . . . . . . . . September 2016 known domains 0 127M 14K Let's Encrypt domains 0 60K organisations

  10. . . . . . . . . . . . . . . . . . Growth is attributed to adoption by major players 3 hosting providers are responsible for 47% of the Let’s Encrypt certifjed domains November 2015 September 2016 . . . . . . . . . . . . . . . . . . . . . . . known domains known domains 0 127M 0 205M 14K 4.4M Let's Encrypt domains Let's Encrypt domains 0 60K 0 66K organisations organisations

  11. . . . . . . . . . . . . . . . . . Growth is attributed to adoption by major players 3 hosting providers are responsible for 47% of the Let’s Encrypt certifjed domains November 2015 . . . . . . . . . . . . . . . . . . . . . . . September 2016 known domains 0 127M 14K Let's Encrypt domains 0 60K organisations

  12. . . . . . . . . . . . . . . . . . . Issuance is dominantly for web hosting So far, no surprises . . . . . . . . . . . . . . . . . . . . . . 100% unknown cdn % of Let's Encrypt domains isp 80% hosting other parking 60% edu ddos-protection gov 40% 20% 0% S O N D J F M A M J J A S a u u e e p u e c o e n a a n l b p t r g p v c r y ' ' ' 1 ' 1 ' ' 1 ' 1 ' ' 1 ' 1 ' ' ' 1 1 1 1 6 1 1 6 1 6 5 6 6 5 5 5 6 6 6 6

  13. . . . . . . . . . . . . . . . . . Over 90% of domains in hosting are on shared hosting Issuance is dominantly for the lower-cost end of the market . . . . . . . . . . . . . . . . . . . . . . . % of LE domains in hosting 100% shared hosting non-shared hosting 80% 60% 40% 20% 0% S O N D J F M A M J J A S a u u e e c o e p u e n a a n l b p t v c r g p r y ' 1 ' ' ' ' ' 1 ' ' ' 1 ' 1 ' 1 1 ' 6 ' 1 1 1 1 1 1 1 6 6 5 6 6 5 5 5 6 6 6 6

  14. . . . . . . . . . . . . . . . . . . Let’s Encrypt certifjcates are valid for 90 days The majority of certifjcates are correctly renewed after their fjrst expiration . . . . . . . . . . . . . . . . . . . . . . 1 Fraction of FQDN coverage continuous gap ≤ 1 week 0.8 0.6 0.4 0.2 0 90 180 270 360 days since initial issuance of certi fi cate

  15. . . . . . . . . . . . . . . Summary We fjnd that Let’s Encrypt has indeed started to democratize encryption Certifjcate issuance in the fjrst year of Let’s Encrypt (shared hosting) X.509 certifjcates before certifjcates for their customers in bulk large number of domains three large hosting companies (Sept 2016) after the fjrst issuance of the certifjcate 6 . . . . . . . . . . . . . . . . . . . . . . 6 Let’s Encrypt certifjcates expire after three months . . . . ▶ used widely, dominated by the low-cost share of the market ▶ which would be unlikely to deploy the complex and costly ▶ enables big hosting providers to issue and deploy ▶ thus quickly and automatically enable encryption across a ▶ e.g. 47% of Let’s Encrypt certifjed domains are hosted at ▶ 70% of the Let’s Encrypt certifjed domains remain active

  16. . . . . . . . . . . . . In conclusion . Future work require prior knowledge of domains served (SNI) Contact details Maarten Aertsen maarten.aertsen@ncsc.nl Maciej Korzyński maciej.korczynski@tudelft.nl Giovane Moura giovane.moura@sidn.nl For more information, including related work & references, . . . . . . . . . . . . . . . please see arXiv:1612.03005 (pending publication) . . . . . . . . . . . . ▶ extend measurement period ▶ issued versus deployed ▶ active scans on shared hosting ▶ use by malicious actors

  17. . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . .. . . . . .

  18. . . . . . . . . . . . . . . . . . . Absolute and relative growth Time series for FQDNs, domains, and DNSDB ratio . . . . . . . . . . . . . . . . . . . . . . 10% 14M FQDNs (absolute) unique certi fi ed domains domains (absolute) 12M domains (relative) 10M 1% % of DNSDB 8M 6M 0.1% 4M 2M 0 0.01% Sep '15 Nov '15 Jan '16 Mar '16 May '16 Jul '16 Sep '16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej

No domain left behind: is Lets Encrypt democratizing encryption? Maarten Aertsen 1 , Maciej Korczy nski 2 , Giovane C. M. Moura 3 , Samaneh Tajalizadehkhoob 2 , Jan van den Berg 2 1 National Cyber Security Centre The Netherlands 2 Delft

423 views • 21 slides
AW Left Cervical Radiculopathy Presentation World class swimmer with left scapular pain

AW Left Cervical Radiculopathy Presentation World class swimmer with left scapular pain

AW Left Cervical Radiculopathy Presentation World class swimmer with left scapular pain radiating into long finger. 3/5 left Triceps and 4/5 left grip. Unable to train due to pain and weakness. Initial X-rays 5-6 6-7 Options? 5-6

499 views • 26 slides
3D for the public viewers Binocular (perceivable with 2 eyes) Left Right Left eye How to

3D for the public viewers Binocular (perceivable with 2 eyes) Left Right Left eye How to

3D for the public viewers Binocular (perceivable with 2 eyes) Left Right Left eye How to direct Optical the left and right images to Splitter Right eye the correct eye? Anaglyph Blue filter Red filter Transmission 475nm 650nm

738 views • 34 slides
Semigroups of Left I-quotients Nassraddin Ghroda May 11, 2010 Semigroups of Left I-quotients

Semigroups of Left I-quotients Nassraddin Ghroda May 11, 2010 Semigroups of Left I-quotients

Semigroups of Left I-quotients Semigroups of Left I-quotients Nassraddin Ghroda May 11, 2010 Semigroups of Left I-quotients Outline Background 1 Inverse hull of left I-quotients of left ample semigroups 2 Extension of homomorphisms 3

794 views • 44 slides
Todays Topics Project 1 questions Less than a week left, should be in Phase III But

Todays Topics Project 1 questions Less than a week left, should be in Phase III But

Todays Topics Project 1 questions Less than a week left, should be in Phase III But its really about logging the hours Test, test, test Runtime systems introduction Goal Bridging concepts Domain analysis

408 views • 11 slides
#prep X Assembly 02: Left Fan In this guide, we attach Left filament fan to the X carriage.

#prep X Assembly 02: Left Fan In this guide, we attach Left filament fan to the X carriage.

#prep X Assembly 02: Left Fan In this guide, we attach Left filament fan to the X carriage. _________________________________________________________________ Left Filament Fan You'll need: Green left filament fan shroud Pink left filament fan

428 views • 6 slides
Eliminating left recursion (informally) Direct left rec. For each A -> A 1 | ... | A

Eliminating left recursion (informally) Direct left rec. For each A -> A 1 | ... | A

Eliminating left recursion (informally) Direct left rec. For each A -> A 1 | ... | A n | 1 | ... | n Rewrite: A -> 1A' | ... | n A' Introduce: A' -> 1A' | ... | nA' | Indirect left rec. A

555 views • 12 slides
No Child Left Behind No Child Left Behind Our Children Are Our Future: No Child Left Behind A

No Child Left Behind No Child Left Behind Our Children Are Our Future: No Child Left Behind A

No Child Left Behind No Child Left Behind Our Children Are Our Future: No Child Left Behind A New Era in Education A New Era in Education When it comes to the education of our childrenfailure is not an option. President George W.

671 views • 39 slides
Domain-independent planning and Domain-dependent planning Le Meilleur est lennemi

Domain-independent planning and Domain-dependent planning Le Meilleur est lennemi

Domain-independent planning and Domain-dependent planning Le Meilleur est lennemi du bien. The Best is the enemy of the good. Voltaire Thanks to Dana Nau. Domain dependent planners? For many applications, domain dependent

242 views • 6 slides
Focusing the Core Domain Model A Domain-Driven Design Case Study, Eric Evans, Domain Language

Focusing the Core Domain Model A Domain-Driven Design Case Study, Eric Evans, Domain Language

Focusing the Core Domain Model A Domain-Driven Design Case Study, Eric Evans, Domain Language @ericevans0 #dddesign #yow13 Thirsty Fern FLLC A Mostly True Story About Strategic Design and Focusing the Core Domain with Established

720 views • 33 slides
Image Processing A case study for a domain decomposed MPI code Domain Decomposition 1

Image Processing A case study for a domain decomposed MPI code Domain Decomposition 1

Image Processing A case study for a domain decomposed MPI code Domain Decomposition 1 Starting with a big array: 2 Domain Decomposition 2 Split it into pieces: 3 Domain Decomposition 3 Assign pieces to processors: 4 Domain

123 views • 10 slides
Laparotomy vs Interventional radiology Left humerus # Severe liver lacerations left lobe

Laparotomy vs Interventional radiology Left humerus # Severe liver lacerations left lobe

Extravasation right SMA Communited nasal bone # branches Laparotomy vs Interventional radiology Left humerus # Severe liver lacerations left lobe Parenchymal Haemorrhages in RUL & LUL Right L2 - L5 TP # Conservative vs operative treatment

334 views • 10 slides
ET-805 ATS Domain Module - II Ramkumar.Rajendran@iitb.ac.in From Last Class Blackbox Domain

ET-805 ATS Domain Module - II Ramkumar.Rajendran@iitb.ac.in From Last Class Blackbox Domain

ET-805 ATS Domain Module - II Ramkumar.Rajendran@iitb.ac.in From Last Class Blackbox Domain Model Glassbox Domain Model Muddy Points - Structure of MYCIN - Differences in interaction of SOPHIE and GUIDON 2 Activity - Each one

550 views • 33 slides
Information Visualization domain situation details of an application domain Characterize

Information Visualization domain situation details of an application domain Characterize

Nested model: Four levels of visualization design Domain characterization Design Process Information Visualization domain situation details of an application domain Characterize Domain Situation who are the target users?

268 views • 3 slides
The relative expansion of the left atrium over the left ventricle to detect early-stage heart

The relative expansion of the left atrium over the left ventricle to detect early-stage heart

The relative expansion of the left atrium over the left ventricle to detect early-stage heart failure with preserved ejection fraction Fatima Benchadli, Vuthy Sy, Floriane Gilles, Lise Legrand, Yann Allali, Claude Le Feuvre, Gilles Montalescot,

288 views • 3 slides
The .ae Domain Administration (.aeDA) .ae Domain Administration (.aeDA) The .aeDA was

The .ae Domain Administration (.aeDA) .ae Domain Administration (.aeDA) The .aeDA was

The .ae Domain Administration (.aeDA) .ae Domain Administration (.aeDA) The .aeDA was established in 2007 by TRA as a department. It is the Regulatory Body and Registry Operator for the .ae country code namespace and dotEmarat the Arabic

262 views • 9 slides
Office of Management and Budget Budget Development, Planning and Administration Haslet Armory

Office of Management and Budget Budget Development, Planning and Administration Haslet Armory

Office of Management and Budget Budget Development, Planning and Administration Haslet Armory 122 Martin Luther King Jr. Blvd. South Dover, DE 19901 Phone: (302) 739-4206 Fax: (302) 739-5661 Elizabeth Lewis elizabeth.lewis@state.de.us

81 views • 6 slides
Rebuilding the Benchmark Macroeconomic Model David Vines* and Samuel Wills** Paper Presented at

Rebuilding the Benchmark Macroeconomic Model David Vines* and Samuel Wills** Paper Presented at

Rebuilding the Benchmark Macroeconomic Model David Vines* and Samuel Wills** Paper Presented at the 2017 INET Reawakening Conference Edinburgh, UK, 21 23 October * Balliol College, St Antonys College and Oxford Martin School at

548 views • 28 slides
F ORT B END C OUNTY , T EXAS SH 36A D EVELOPMENT C ORRIDOR R AIL B USINESS P LAN S EPTEMBER 24,

F ORT B END C OUNTY , T EXAS SH 36A D EVELOPMENT C ORRIDOR R AIL B USINESS P LAN S EPTEMBER 24,

P RESENTATION T O : F ORT B END C OUNTY , T EXAS SH 36A D EVELOPMENT C ORRIDOR R AIL B USINESS P LAN S EPTEMBER 24, 2014 Presentation By Transportation Economics & Management Systems, Inc. W HO IS TEMS: P REVIOUS TEMS S TUDIES THAT WERE U SED

419 views • 40 slides
State of the Fine Arts District #228 Introducing GHS Seniors Ky Ariano Storm Baca

State of the Fine Arts District #228 Introducing GHS Seniors Ky Ariano Storm Baca

State of the Fine Arts District #228 Introducing GHS Seniors Ky Ariano Storm Baca Marissa Keogh Cora Varland Quinne Weinzierl Emma Yerkey Goals 1. Foster Creativity 2. Develop an attitude of hard work and

233 views • 21 slides
February 27, 2013 Source: CBRE Source: CBRE Source: CBRE Source: CBRE Source: CBRE Miami

February 27, 2013 Source: CBRE Source: CBRE Source: CBRE Source: CBRE Source: CBRE Miami

MIAMI DADE INDUSTRIAL MARKET OVERVIEW February 27, 2013 Source: CBRE Source: CBRE Source: CBRE Source: CBRE Source: CBRE Miami Hialeah Infill $65/SF Total Space Available: 26,000 SF Rental Rate: $6 - $7.80 /SF/Year Min.

384 views • 14 slides
Wheelchair use in everyday life Stephen Sprigle Why understand wheelchair use in everyday

Wheelchair use in everyday life Stephen Sprigle Why understand wheelchair use in everyday

Wheelchair use in everyday life Stephen Sprigle Why understand wheelchair use in everyday environments? Clinicians and users Relating a clients use (or anticipated use) relative to others may better inform decisions about models and

632 views • 25 slides
ADDRESS TO THE MISSOURI CLEAN WATER COMMISSIONERS Nov. 3, 2010 by Kristin Perry, J.D. Dear

ADDRESS TO THE MISSOURI CLEAN WATER COMMISSIONERS Nov. 3, 2010 by Kristin Perry, J.D. Dear

ADDRESS TO THE MISSOURI CLEAN WATER COMMISSIONERS Nov. 3, 2010 by Kristin Perry, J.D. Dear Commissioners: Thank you for granting me time to speak today. Since I left the Commission over a year ago, I have continued to follow the issue of the

125 views • 8 slides
Logistics Clusters and Economic Growth Yossi Sheffi Logistics Clusters Acto de Investidura del

Logistics Clusters and Economic Growth Yossi Sheffi Logistics Clusters Acto de Investidura del

DOCTOR HONORIS CAUSA YOSSI SHEFFI February 11, 2011 Logistics Clusters and Economic Growth Yossi Sheffi Logistics Clusters Acto de Investidura del Grado and de Doctor Honoris Causa Economic Growth Yossi Sheffi Universidad de Zaragoza Rector of

100 views • 8 slides

More recommend