Alsaid, AdilMitchell, Chris J.Wulf, ChristopherLucks, StefanYau, Po-Wah2019-08-262019-08-2620053-88579-403-9https://dl.gi.de/handle/20.500.12116/24849As has recently been demonstrated, a malicious third party could insert a self-issued CA public key into the list of trusted root CA public keys stored on an end user PC. As a consequence, the malicious third party could potentially do severe damage to the end user computing environment. In this paper, we discuss the problem of fake root public keys and suggest a solution that can be used to detect and remove them. We further describe a prototype implementation of this solution.enText/Conference Paper1617-5468