Researchers find vulnerabilities in use of certificates for Web security

A new study offers the first end-to-end evaluation of the Web’s certificate revocation ecosystem, which includes website administrators that obtain and revoke certificates, certificate authorities that publish a list of revoked certificates, and browsers that check the revocation list to authenticate a website. The study results reveal that website administrators are providing revoked certificates, certificate authorities are not using newer processes for distributing revocations, and Web browsers are not checking whether certificates have been revoked.

Read more: Researchers find vulnerabilities in use of certificates for Web security