About this paper
Mutual TLS in Practice: A Deep Dive into Certificate Configurations and Privacy Issues
Hongying Dong, Yizhe Zhang, Hyeonmin Lee, Kevin Du, Guancheng Tu, and Yixin Sun
University of Virginia
This paper has been published at IMC 2024.
Summary
In this research, we investigated the prevalence and characteristics of mutual TLS connections, including the associated services and patterns of certificate usage. Specifically, by analyzing TLS connection logs collected from a large campus network over 23 months, we identified over 2.
[Artifact] Code for analyzing information types in mTLS certificates
We provide the code used for conducting the privacy analysis presented in Section 6 of the paper. This code allows you to retrieve the count of each information type (e.g., domain name, IP address, MAC address, personal name, etc.) in the CN and SAN fields of certificates, as shown in Table 8.
Classifying types of information in CN and SAN
Prerequisites
CCADB: We used CCADB to determine whether certificate authorities are listed as the Common Name (CN) or Subject Alternative Name (SAN).
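The sketch below illustrates the kind of CN/SAN classification and counting described above. It is an added example, not the authors' artifact code; the category names, regular expressions and sample values are assumptions, and personal names and the other information types the paper covers simply fall into `other` here.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample values standing in for CN / SAN strings (not data from the paper).
SAMPLE_VALUES = [
    "vpn.example.edu",
    "*.devices.example.com",
    "192.0.2.17",
    "2001:db8::1",
    "00:1A:2B:3C:4D:5E",
    "Jane Doe",
    "printer-42",
]

# Six hex octets joined by one consistent separator (":" or "-").
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")
# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify(value):
    """Return an assumed category label for one CN or SAN string."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)  # accepts both IPv4 and IPv6 literals
        return "ip_address"
    except ValueError:
        pass
    if MAC_RE.match(v):
        return "mac_address"
    # Allow a leading wildcard label, as used in certificate names.
    host = v[2:] if v.startswith("*.") else v
    labels = host.rstrip(".").split(".")
    # Require at least two labels and a non-numeric last label, so bare
    # hostnames and malformed dotted numbers are not counted as domains.
    if (len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels)
            and not labels[-1].isdigit()):
        return "domain_name"
    return "other"


def count_types(values):
    """Count how many values fall into each category."""
    return Counter(classify(v) for v in values)


if __name__ == "__main__":
    for category, n in sorted(count_types(SAMPLE_VALUES).items()):
        print(f"{category}: {n}")
```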
Contact
If you have any questions regarding this paper, please feel free to contact us:
Hongying Dong, PhD Candidate, University of Virginia
Yizhe Zhang, PhD Candidate, University of Virginia
Hyeonmin Lee, Postdoc, University of Virginia
Yixin Sun, Assistant Professor, University of Virginia