Certificate Transparency
Certificate Transparency is a process intended to enable verification of the digital certificates issued for encrypted Internet connections. The standard provides for logging all digital certificates issued by a certificate authority in an audit-proof logbook. This should enable the detection of erroneous or maliciously issued certificates for a domain. In June 2013 it was adopted by the IETF as the experimental RFC 6962. The standard is being driven largely by Google.
In September 2011, it became known that hackers had succeeded in breaking into the systems of the DigiNotar certification authority and issuing forged certificates for more than 500 domains. These were subsequently used, among other things, to monitor Iranian citizens. According to its own account, Google began developing Certificate Transparency in response. In March 2013, the company started the first Certificate Transparency log, and a little later DigiCert became the first certification authority to introduce the procedure. Since January 2015, the Chrome web browser developed by Google has only accepted newly issued Extended Validation certificates if their issuance has been logged via Certificate Transparency. In June 2016, the company forced the Symantec certification authority to participate in the process; otherwise Chrome would warn about Symantec certificates. Google had previously discovered that Symantec had issued incorrect certificates for the company's domains.
Since April 30, 2018, Chrome has displayed a warning for certificates whose issuance has not been logged via Certificate Transparency. However, this only applies to certificates issued after April 30, 2018. Certificates issued before the cut-off date are currently not taken into account.
Web links
- Shedding Light on Certificates: The Web PKI and Certificate Transparency - Review Article
