Towards Live Monitoring of CAA Compliance: A Modern Look at the CAA Landscape

Abstract

Certificate Authorities (CAs) must abide by Certificate Authority Authorization (CAA) records which specify which CAs can issue certificates for particular domains. I am developing a machine learning model to aid in the process of live monitoring for potential certificate mis-issuances which differentiates between benign and malicious mismatches. However, since malicious CAs are so rare and difficult to come across, we are unlikely to observe this occurrence in training data. Thus, the goal of this project is to build a framework for mismatch detection that can use information from the past, specifically past observations about what triggered false positives, to appropriately flag mismatches that display real cause for concern. This report features the data collection and processing pipelines for certificate data, as well as initial insights into what causes mismatches between the certificate issuer and those listed on the CAA record. Utilizing features attained from manual inspection, I aim to group together similar false positives through unsupervised learning to allow for more streamlined investigation. Future work includes further manual inspection, clustering, more robust data collection, analysis of clustering using chosen features on unseen data, creation of a classifier, and creation of a database of CA relationships. This work will be integrated with the parallel work of Kenny Poor to create a live monitoring system for CA compliance.