Certificate Transparency

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

A method introduced by Google to allow any browser to check the security of any web site.

Context

Certificate Transparency Housley 2016-07

  Certificate Transparency [RFC6962] offers a mechanism to detect mis-
  issued certificates, and once detected, administrators and CAs can
  take the necessary actions to revoke the mis-issued certificates.
  When requesting a certificate, the administrator can request the CA
  to include an embedded Signed Certificate Timestamp (SCT) in the
  certificate to ensure that their legitimate certificate is logged
  with one or more Certificate Transparency (CT) log.
  In the future, a browser may choose to reject certificates without an
  SCT, and potentially notify the website administrator or CA when they
  encounter such a certificate.  This reporting will help detect mis-
  issuance of certificates and lead to their revocation.
  A administrator, or another party acting on behalf of the
  administrator, is able to monitor one or more CT log to which a pre-
  certificate or certificate is submitted, and detect the logging of a
  pre-certificate or certificate that contains their domain name.  When
  such a pre-certificate or certificate is detected, the CA can be
  contacted to to get the mis-issued certificate revoked.

References

Other Material