We present ARPKI, a public-key infrastructure that ensures that
certificate-related operations, such as certificate issuance,
update, revocation, and validation, are transparent and
accountable.  ARPKI is the first such infrastructure that
systematically takes into account requirements identified by
previous research. Moreover, ARPKI is co-designed with a formal
model, and we verify its core security property using the Tamarin
prover. We present a proof-of-concept implementation providing
all features required for deployment. ARPKI efficiently handles
the certification process with low overhead and without incurring
additional latency to TLS.

ARPKI offers extremely strong security guarantees, where
compromising n-1 trusted signing and verifying entities is
insufficient to launch an impersonation attack. Moreover, it
deters misbehavior as all its operations are publicly visible.