{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2016:VT75Z6MQIRTFZIREND2O2GJ3OC","short_pith_number":"pith:VT75Z6MQ","canonical_record":{"source":{"id":"1601.03874","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-01-15T11:00:22Z","cross_cats_sorted":[],"title_canon_sha256":"30187176f0fb244b68046abbdfb4dd50dff7b38a8544eeb3e6f9db13a658a210","abstract_canon_sha256":"e9fafe3a1b2f79392f06153bed091fe42ea0184d0b0237738592817c71e14b1f"},"schema_version":"1.0"},"canonical_sha256":"acffdcf99044665ca22468f4ed193b709f1f227e8f48843eb2f9b6e4e4034b55","source":{"kind":"arxiv","id":"1601.03874","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1601.03874","created_at":"2026-05-18T01:13:09Z"},{"alias_kind":"arxiv_version","alias_value":"1601.03874v2","created_at":"2026-05-18T01:13:09Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1601.03874","created_at":"2026-05-18T01:13:09Z"},{"alias_kind":"pith_short_12","alias_value":"VT75Z6MQIRTF","created_at":"2026-05-18T12:30:48Z"},{"alias_kind":"pith_short_16","alias_value":"VT75Z6MQIRTFZIRE","created_at":"2026-05-18T12:30:48Z"},{"alias_kind":"pith_short_8","alias_value":"VT75Z6MQ","created_at":"2026-05-18T12:30:48Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2016:VT75Z6MQIRTFZIREND2O2GJ3OC","target":"record","payload":{"canonical_record":{"source":{"id":"1601.03874","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-01-15T11:00:22Z","cross_cats_sorted":[],"title_canon_sha256":"30187176f0fb244b68046abbdfb4dd50dff7b38a8544eeb3e6f9db13a658a210","abstract_canon_sha256":"e9fafe3a1b2f79392f06153bed091fe42ea0184d0b0237738592817c71e14b1f"},"schema_version":"1.0"},"canonical_sha256":"acffdcf99044665ca22468f4ed193b709f1f227e8f48843eb2f9b6e4e4034b55","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T01:13:09.483682Z","signature_b64":"ROv7YlFdlllS+tZTDAV5VLA2cCGPWiRICNlhywjKqf/ZsNr0VHBPculx7TwMZFohH5DJ20PzpcFTnYZqBou2AQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"acffdcf99044665ca22468f4ed193b709f1f227e8f48843eb2f9b6e4e4034b55","last_reissued_at":"2026-05-18T01:13:09.483299Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T01:13:09.483299Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1601.03874","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:13:09Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"uuhRsjREWzFYf0RMWPuvq0rFcK6rBwU/8jkH6HjQUs74wEMXd5nhodPqNVCuBz1mDDI/dnbN1qJU6c5BTerHDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-28T07:12:42.408413Z"},"content_sha256":"6260f8369459a19822764bb49e8a4bb2362fdfd2d0652f93915f56854f6972c9","schema_version":"1.0","event_id":"sha256:6260f8369459a19822764bb49e8a4bb2362fdfd2d0652f93915f56854f6972c9"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2016:VT75Z6MQIRTFZIREND2O2GJ3OC","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Adrian Perrig, Laurent Chuat, Pawel Szalachowski","submitted_at":"2016-01-15T11:00:22Z","abstract_excerpt":"In a public-key infrastructure (PKI), clients must have an efficient and secure way to determine whether a certificate was revoked (by an entity considered as legitimate to do so), while preserving user privacy. A few certification authorities (CAs) are currently responsible for the issuance of the large majority of TLS certificates. These certificates are considered valid only if the certificate of the issuing CA is also valid. The certificates of these important CAs are effectively too big to be revoked, as revoking them would result in massive collateral damage. To solve this problem, we re"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1601.03874","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:13:09Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"lbjlk8L0AvxH4/DuHVrOl6PKU5u1b/mCQ1/dZgj4RgoVtNebifbvV2h8fMytG0IjCY63P+auPrQGn6/l/RRLDA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-28T07:12:42.408764Z"},"content_sha256":"b79837d1ea9bb0cb4a85622fb3ac22bacb3ea3868e24ba9c471bc75a50f2a4de","schema_version":"1.0","event_id":"sha256:b79837d1ea9bb0cb4a85622fb3ac22bacb3ea3868e24ba9c471bc75a50f2a4de"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/VT75Z6MQIRTFZIREND2O2GJ3OC/bundle.json","state_url":"https://pith.science/pith/VT75Z6MQIRTFZIREND2O2GJ3OC/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/VT75Z6MQIRTFZIREND2O2GJ3OC/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-28T07:12:42Z","links":{"resolver":"https://pith.science/pith/VT75Z6MQIRTFZIREND2O2GJ3OC","bundle":"https://pith.science/pith/VT75Z6MQIRTFZIREND2O2GJ3OC/bundle.json","state":"https://pith.science/pith/VT75Z6MQIRTFZIREND2O2GJ3OC/state.json","well_known_bundle":"https://pith.science/.well-known/pith/VT75Z6MQIRTFZIREND2O2GJ3OC/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2016:VT75Z6MQIRTFZIREND2O2GJ3OC","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"e9fafe3a1b2f79392f06153bed091fe42ea0184d0b0237738592817c71e14b1f","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-01-15T11:00:22Z","title_canon_sha256":"30187176f0fb244b68046abbdfb4dd50dff7b38a8544eeb3e6f9db13a658a210"},"schema_version":"1.0","source":{"id":"1601.03874","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1601.03874","created_at":"2026-05-18T01:13:09Z"},{"alias_kind":"arxiv_version","alias_value":"1601.03874v2","created_at":"2026-05-18T01:13:09Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1601.03874","created_at":"2026-05-18T01:13:09Z"},{"alias_kind":"pith_short_12","alias_value":"VT75Z6MQIRTF","created_at":"2026-05-18T12:30:48Z"},{"alias_kind":"pith_short_16","alias_value":"VT75Z6MQIRTFZIRE","created_at":"2026-05-18T12:30:48Z"},{"alias_kind":"pith_short_8","alias_value":"VT75Z6MQ","created_at":"2026-05-18T12:30:48Z"}],"graph_snapshots":[{"event_id":"sha256:b79837d1ea9bb0cb4a85622fb3ac22bacb3ea3868e24ba9c471bc75a50f2a4de","target":"graph","created_at":"2026-05-18T01:13:09Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"In a public-key infrastructure (PKI), clients must have an efficient and secure way to determine whether a certificate was revoked (by an entity considered as legitimate to do so), while preserving user privacy. A few certification authorities (CAs) are currently responsible for the issuance of the large majority of TLS certificates. These certificates are considered valid only if the certificate of the issuing CA is also valid. The certificates of these important CAs are effectively too big to be revoked, as revoking them would result in massive collateral damage. To solve this problem, we re","authors_text":"Adrian Perrig, Laurent Chuat, Pawel Szalachowski","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-01-15T11:00:22Z","title":"PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1601.03874","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:6260f8369459a19822764bb49e8a4bb2362fdfd2d0652f93915f56854f6972c9","target":"record","created_at":"2026-05-18T01:13:09Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"e9fafe3a1b2f79392f06153bed091fe42ea0184d0b0237738592817c71e14b1f","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-01-15T11:00:22Z","title_canon_sha256":"30187176f0fb244b68046abbdfb4dd50dff7b38a8544eeb3e6f9db13a658a210"},"schema_version":"1.0","source":{"id":"1601.03874","kind":"arxiv","version":2}},"canonical_sha256":"acffdcf99044665ca22468f4ed193b709f1f227e8f48843eb2f9b6e4e4034b55","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"acffdcf99044665ca22468f4ed193b709f1f227e8f48843eb2f9b6e4e4034b55","first_computed_at":"2026-05-18T01:13:09.483299Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T01:13:09.483299Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"ROv7YlFdlllS+tZTDAV5VLA2cCGPWiRICNlhywjKqf/ZsNr0VHBPculx7TwMZFohH5DJ20PzpcFTnYZqBou2AQ==","signature_status":"signed_v1","signed_at":"2026-05-18T01:13:09.483682Z","signed_message":"canonical_sha256_bytes"},"source_id":"1601.03874","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:6260f8369459a19822764bb49e8a4bb2362fdfd2d0652f93915f56854f6972c9","sha256:b79837d1ea9bb0cb4a85622fb3ac22bacb3ea3868e24ba9c471bc75a50f2a4de"],"state_sha256":"4468e825b2b8841939bfdc2bc851fbaece8b5870e2e7443fcd692c20dee10fe1"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"yg7H9K4vVj5PT1fzJ+B+VNn317Z/KDDfdH1KCc1HNNdKgY73a+7U725t2xnLOaFqEd+IzUf0vwjOK8gYMiU/AQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-28T07:12:42.410909Z","bundle_sha256":"1ad5c5e8fbcd8030c8fecfbec7883be83670e878404d3c537711ace4af73cfdc"}}