A Call to Reconsider Certification Authority Authorization

Pouyan Fotouhi Tehrani; Raphael Hiesgen; Thomas C. Schmidt; Matthias Wählisch

doi:10.1109/msec.2025.3531232

A Call to Reconsider Certification Authority Authorization

Research output: Contribution to journal › Research article › Contributed › peer-review

Contributors

Pouyan Fotouhi Tehrani - , Chair of Distributed and Networked Systems (Author)
Raphael Hiesgen - , Hamburg University of Applied Sciences (Author)
Thomas C. Schmidt - , Hamburg University of Applied Sciences (Author)
Matthias Wählisch - , Chair of Distributed and Networked Systems (Author)

Abstract

Certification Authority Authentication (CAA) is a safeguard against illegitimate certificate issuance. We show how shortcomings in CAA concepts and operational aspects undermine its effectiveness in preventing certificate misissuance. Our discussion reveals pitfalls and highlights best practices when designing security protocols based on the Domain Name System.

Details

Original language	English
Pages (from-to)	35-43
Number of pages	9
Journal	IEEE Security & Privacy
Volume	24
Issue number	1
Publication status	Published - Feb 2026
Peer-reviewed	Yes

External IDs

unpaywall	10.1109/msec.2025.3531232
Mendeley	61fc8ff8-e648-382d-a9cc-29b3c456aed6
ORCID	/0000-0002-3825-2807/work/179394058
Scopus	85217928580

Keywords

Research priority areas of TU Dresden

DFG Classification of Subject Areas according to Review Boards

Subject groups, research areas, subject areas according to Destatis

Computer and Communication Technologies

ASJC Scopus subject areas

Computer Networks and Communications

Research Portal of the TU Dresden