Certificate Transparency

Magnus Ahltorp
Track: Track 3 Nautica Room
Description: Since very early in the history of the web, X.509 certificates have been important as a way of authenticating HTTP hosts. There are, however, problems with this system.

The Certification Authorities (CAs) that issue these certificates are many, and even if the owner of a host trusts the CA it buys a certificate from, it might not trust all other CAs. Historically, it has been difficult to monitor the CAs, and several incidents have shown that incorrect certificates are indeed sometimes issued.

Certificate transparency proposes to alleviate this problem by providing a mechanism that heavily incentivizes public disclosure of certificates. The certificates are stored in public append-only logs, which in turn can be monitored in a distributed and efficient manner by anyone.
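As an added illustration (not code from the talk), the sketch below shows what a monitor of such a log does: it checks that a newer tree head still commits to the previously seen entries, then scans the entries for certificates naming its own host. The Merkle tree hashing follows RFC 6962; the "host|issuer" entry format, the host and CA names, and the function names are assumptions constructed for this example.

```python
import hashlib

def leaf_hash(entry):
    # RFC 6962: leaf hashes are domain-separated with a 0x00 prefix
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left, right):
    # RFC 6962: interior nodes use a 0x01 prefix
    return hashlib.sha256(b"\x01" + left + right).digest()

def merkle_root(entries):
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(entries[0])
    k = 1
    while k * 2 < n:          # largest power of two strictly less than n
        k *= 2
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))

def check_append_only(old_head, new_head, entries):
    """old_head and new_head are (tree_size, root_hash) pairs the log published;
    entries is the full entry list downloaded for new_head."""
    old_size, old_root = old_head
    new_size, new_root = new_head
    if new_size < old_size or len(entries) != new_size:
        return False          # the log shrank or withheld entries
    # The old root must still be the root of the first old_size entries
    return (merkle_root(entries[:old_size]) == old_root
            and merkle_root(entries) == new_root)

def unexpected_issuers(entries, host, expected_issuer):
    """Return log entries for `host` that were issued by some other CA."""
    hits = []
    for entry in entries:
        entry_host, issuer = entry.decode().split("|")
        if entry_host == host and issuer != expected_issuer:
            hits.append(entry)
    return hits

# Constructed sample log in a made-up "host|issuer" format
SAMPLE_LOG = [
    b"www.example.test|CA-A",
    b"mail.example.test|CA-A",
    b"shop.other.test|CA-B",
    b"www.example.test|CA-C",   # certificate the host owner never requested
]

if __name__ == "__main__":
    old = (2, merkle_root(SAMPLE_LOG[:2]))
    new = (4, merkle_root(SAMPLE_LOG))
    print("append-only:", check_append_only(old, new, SAMPLE_LOG))
    print("unexpected:", unexpected_issuers(SAMPLE_LOG, "www.example.test", "CA-A"))
```

A real monitor would use consistency proofs rather than rehashing every entry, which is what makes monitoring efficient at log scale.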

