Certificate Transparency

Certificate Transparency (CT) is an experimental IETF open standard^[1] and open source framework for monitoring and auditing digital certificates. Through a system of certificate logs, monitors, and auditors, certificate transparency allows website users and domain owners to identify mistakenly or maliciously issued certificates and to identify certificate authorities (CAs) that have gone rogue.

Background

Flaws in the current system of digital certificate management were made evident in high-profile security and privacy breaches caused by fraudulent certificates.

In 2011 Dutch certificate authority DigiNotar filed for bankruptcy after intruders successfully created more than 500 fraudulent digital certificates using its infrastructure.^[2]

Ben Laurie and Adam Langley conceived Certificate Transparency and an implementation of the framework was developed as an open source project.

Advantages

One of the problems with digital certificate management is that fraudulent certificates take a long time to be spotted, reported and revoked by the browser vendors. Certificate Transparency would help by making it impossible for a certificate to be issued for a domain without the domain owner knowing.

Certificate Transparency does not require side channel communication to validate certificates as do some competing technologies such as Online Certificate Status Protocol (OCSP) and Convergence. Certificate Transparency also operates without the need to trust a third party.

Certificate Transparency logs

Certificate Transparency depends on verifiable Certificate Transparency logs. A log appends new certificates to an ever-growing Merkle hash tree.^[1]^{:Section 3} To be seen as behaving correctly, a log must:

Verify that each submitted certificate or precertificate has a valid signature chain leading back to a trusted root certificate authority certificate.
Refuse to publish certificates without this valid signature chain.
Store the entire verification chain from the newly accepted certificate back to the root certificate.
Present this chain for auditing upon request.

A log may accept certificates that are not yet fully valid and certificates that have expired.

Certificate Transparency monitors

Monitors act as clients to the log servers. Monitors check logs to make sure they are behaving correctly. An inconsistency is used to prove that a log has not behaved correctly, and the signatures on the log's data structure (the Merkle tree) prevent the log from denying that misbehavior.

Certificate Transparency auditors

Auditors also act as clients to the log servers. Certificate Transparency auditors use partial information about a log to verify the log against other partial information they have.^[1]^{:Section 5.4}

Certificate authority implementation

Google launched its first certificate transparency log in March 2013.^[3] In September 2013, DigiCert became the first certificate authority to implement Certificate Transparency.^[4]

Google Chrome began requiring Certificate Transparency for newly issued Extended Validation Certificates in 2015.^[5]^[6] It began requiring Certificate Transparency for all certificates newly issued by Symantec from June 1, 2016, after they were found to have issued 187 certificates without the domain owners' knowledge.^[7]^[8]

References

1 2 3 Laurie; et al. (June 2013). "RFC 6962 - Certificate Transparency". The Internet Engineering Task Force. Retrieved 2013-11-20.
↑ Kim Zetter (2011-09-11). "DigiNotar Files for Bankruptcy in Wake of Devastating Hack". Wired. Retrieved 2014-11-14.
↑ "Known Logs - Certificate Transparency". certificate-transparency.org. Retrieved 2015-12-31.
↑ "DigiCert Announces Certificate Transparency Support". Dark Reading. Archived from the original on October 10, 2013. Retrieved 2013-11-12.
↑ Woodfield, Meggie (December 5, 2014). "Certificate Transparency Required for EV Certificates to Show Green Address Bar in Chrome". DigiCert Blog. DigiCert.
↑ Laurie, Ben (February 4, 2014). "Updated Certificate Transparency + Extended Validation plan". cabfpub (Mailing list). Archived from the original on 2014-03-30.
↑ "Symantec Certificate Transparency (CT) for certificates issued before June 1, 2016". Symantec Knowledge Center. Symantec. June 9, 2016.
↑ Sleevi, Ryan (October 28, 2015). "Sustaining Digital Certificate Security". Google Security Blog. Google.

External links

RFC 6962 - Internet Engineering Task Force
Certificate-transparency.org, general information about how Certificate Transparency works
crt.sh, a Certificate Transparency Log search engine

TLS and SSL

Protocols and technologies

Transport Layer Security / Secure Sockets Layer (TLS/SSL)
Datagram Transport Layer Security (DTLS)
DNS Certification Authority Authorization (CAA)
DNS-based Authentication of Named Entities (DANE)
HTTPS
HTTP Public Key Pinning (HPKP)
HTTP Strict Transport Security (HSTS)
OCSP stapling
Perfect forward secrecy
Server Name Indication (SNI)
STARTTLS
Application-Layer Protocol Negotiation (ALPN)

Public-key infrastructure

Automated Certificate Management Environment (ACME)
Certificate authority (CA)
CA/Browser Forum
Certificate policy
Certificate revocation list (CRL)
Domain-validated certificate (DV)
Extended Validation Certificate (EV)
Online Certificate Status Protocol (OCSP)
Public key certificate
Public-key cryptography
Public key infrastructure (PKI)
Root certificate
Self-signed certificate