Certificate Transparency
Speaker: Magnus Ahltorp
Track: Track 3 Nautica Room
Description: Since very early in the history of the web, X.509 certificates have been important as a way of authenticating HTTP hosts. There are, however, problems with this system.
The Certification Authorities (CAs) that issue these certificates are many, and even if the owner of a host trusts the CA it buys a certificate from, it might not trust all other CAs. Historically, it has been difficult to monitor the CAs, and several incidents have shown that incorrect certificates are indeed sometimes issued.
Certificate Transparency proposes to alleviate this problem by providing a mechanism that heavily incentivizes public disclosure of certificates. The certificates are stored in public append-only logs, which in turn can be monitored in a distributed and efficient manner by anyone.