Rethinking Certificate Authorities:
Understanding and decentralizing domain validation