Meet ZLint: Identifying and Quantifying Certificate Authority Errors

Join us for our first Tech Talk at Censys as we host Deepak Kumar, graduate student at the University of Illinois - Urbana Champaign. Deepak will describe his experience and effort building ZLint, a certificate linter that codifies the policies set forth by standards and identifies if a certificate violates any rules.

Please feel free to arrive any time after 5:30pm ET.

Abstract:
Certificate Authorities (CAs) are integral to the public key infrastructure that supports HTTPS and enables secure communication on the web. Unfortunately, CAs also regularly make mechanical errors when issuing certificates, violating the rules and recommendations set forth by standards bodies like the CA/Browser Forum and published RFCs. To identify and quantify these errors, we built ZLint, a certificate linter that codifies the policies set forth by standards and identifies if a certificate violates any rules. In this talk, I will discuss our efforts in building ZLint and the results of an Internet-scale measurement study conducted in 2017 that measured certificate misissuance in the wild. I will also provide an update on the state of certificate misissuance today in 2020, and share how the project has grown since we released ZLint in 2018.