%% You should probably cite draft-ietf-trans-threat-analysis-16 instead of this revision. @techreport{ietf-trans-threat-analysis-13, number = {draft-ietf-trans-threat-analysis-13}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-trans-threat-analysis/13/}, author = {Stephen Kent}, title = {{Attack and Threat Model for Certificate Transparency}}, pagetotal = 30, year = 2018, month = apr, day = 13, abstract = {This document describes an attack model and discusses threats for the Web PKI context in which security mechanisms to detect mis-issuance of web site certificates are being developed. The model provides an analysis of detection and remediation mechanisms for both syntactic and semantic mis-issuance. The model introduces an outline of attacks to organize the discussion. The model also describes the roles played by the elements of the Certificate Transparency (CT) system, to establish a context for the model.}, }