Certificate Transparency Version 2.0

Laurie, Ben; Messeri, Eran; Stradling, Rob

doi:10.17487/rfc9162

Cited by 36 publications

(15 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our description of Certificate Transparency (CT) and its components follows RFC 6962 [41]. We refer at various points to specific aspects of another RFC, 6962bis [42], which describes "version 2.0 of the Certificate Transparency protocol." To the best of our knowledge, RFC 6962 is an accurate description of CT as it exists today and there have been no announced plans to migrate CT to RFC 6962-bis.…”

Section: Sct Auditingmentioning

confidence: 99%

“…RFC 6962-bis briefly suggests that inclusion proofs can be embedded in a certificate via a custom extension [42,Section 7.1.2]. This leaves open several questions, however, one of which is who should be responsible for embedding the inclusion proof.…”

Section: Embedding Fast and Slowmentioning

confidence: 99%

“…It is thus important for querying proposals to consider not only how clients can preserve their privacy in obtaining inclusion proofs, but also how they can do so in obtaining consistency proofs. An alternative is to impose a rate limit on the number of STHs that can be produced within a given period of time, as is suggested in 3 https://gs.statcounter.com/browser-market-share RFC 6962-bis [42,Section 4.10]. This requires substantial changes to log operation, however, which hinders near-term deployability.…”

Section: Summary Of Constraintsmentioning

confidence: 99%

See 2 more Smart Citations

SoK: SCT Auditing in Certificate Transparency

Meiklejohn

DeBlasio

O’Brien

et al. 2022

PoPETs

View full text Add to dashboard Cite

The Web public key infrastructure is essential to providing secure communication on the Internet today, and certificate authorities play a crucial role in this ecosystem by issuing certificates. These authorities may misissue certificates or suffer misuse attacks, however, which has given rise to the Certificate Transparency (CT) project. The goal of CT is to store all issued certificates in public logs, which can then be checked for the presence of potentially misissued certificates. Thus, the requirement that a given certificate is indeed in one (or several) of these logs lies at the core of CT. In its current deployment, however, most individual clients do not check that the certificates they see are in logs, as requesting a proof of inclusion directly reveals the certificate and thus creates the clear potential for a violation of that client’s privacy. In this paper, we explore the techniques that have been proposed for privacy-preserving auditing of certificate inclusion, focusing on their effectiveness, efficiency, and suitability in a near-term deployment. In doing so, we also explore the parallels with related problems involving browser clients. Guided by a set of constraints that we develop, we ultimately observe several key limitations in many proposals, ranging from their privacy provisions to the fact that they focus on the interaction between a client and a log but leave open the question of how a client could privately report any certificates that are missing.

show abstract

Section: Sct Auditingmentioning

confidence: 99%

Section: Embedding Fast and Slowmentioning

confidence: 99%

Section: Summary Of Constraintsmentioning

confidence: 99%

See 1 more Smart Citation

SoK: SCT Auditing in Certificate Transparency

Meiklejohn

DeBlasio

O’Brien

et al. 2022

PoPETs

View full text Add to dashboard Cite

show abstract

“…iCloud Keychain data could potentially be encrypted with keys derived directly from the user biometrics, but this isn't without risk either. Another plausible solution for authenticating Apple HSMs to users could entail a Certificate Transparency-like [123] solution wherein peers validate the addresses and correctness of the HSMs and publicly broadcast or peer-to-peer share this information. 30 Abstract control of the USB interface.…”

Section: Proposed Improvements To Iosmentioning

confidence: 99%

Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions

Zinkus¹,

Jois²,

Green³

2021

Preprint

View full text Add to dashboard Cite

“…Beyond KT, there are a growing number of projects with similar goals: Certificate Transparency (CT) [5,19,32,[34][35][36]45], software transparency [2,23,41], and more general transparency [21,49]. Looking further into the future, one could imagine bringing transparency to aspects of government; e.g., a land registry in which anyone could obtain verifiable results of a lookup (finding the current owner of a property) or an audit (finding the entire history of ownership).…”

Section: Introductionmentioning

confidence: 99%

Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures

Meiklejohn,

Kalinnikov,

Lin

et al. 2020

Preprint

View full text Add to dashboard Cite

In recent years, there has been increasing recognition of the benefits of having services provide auditable logs of data, as demonstrated by the deployment of Certificate Transparency and the development of other transparency projects. Most proposed systems, however, rely on a gossip protocol by which users can be assured that they have the same view of the log, but the few gossip protocols that do exist today are not suited for near-term deployment. Furthermore, they assume the presence of global sets of auditors, who must be blindly trusted to correctly perform their roles, in order to achieve their stated transparency goals. In this paper, we address both of these issues by proposing a gossip protocol and a verifiable registry, Mog, in which users can perform their own auditing themselves. We prove the security of our protocols and demonstrate via experimental evaluations that they are performant in a variety of potential near-term deployments.

show abstract

Certificate Transparency Version 2.0

Cited by 36 publications

References 0 publications

SoK: SCT Auditing in Certificate Transparency

SoK: SCT Auditing in Certificate Transparency

Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions

Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures

Contact Info

Product

Resources

About