Wikipedia

Certificate Transparency

Certificate Transparency (CT) is an Internet security standard for monitoring and auditing the issuance of digital certificates.[1]

The security of HTTPS depends on the trust that certificates are only given out by the certificate authority that was requested by the owner of some website or IT infrastructure. Certificate Transparency has the potential to expose certificates that were given out without them being requested by the genuine owner, such as malicious certificates by a compromised certificate authority (CA), which happened in 2010 at DigiNotar.

RFC 9162 is a standard defining a system of public logs that seek to eventually record all certificates issued by publicly trusted certificate authorities, allowing efficient identification of mistakenly or maliciously issued certificates.[2]

Technical overview

The certificate transparency system consists of a system of append-only certificate logs. Logs are operated by many parties, including browser vendors and certificate authorities.[3] Certificates that support certificate transparency must include one or more signed certificate timestamps (SCTs), each of which is a promise from a log operator to include the certificate in their log within a maximum merge delay (MMD).[4][3] At some point within the maximum merge delay, the log operator adds the certificate to their log. Each entry in a log references the hash of a previous one, forming a Merkle tree. The signed tree head (STH) references the current root of the Merkle tree.

Logging procedure

Although anyone can submit a certificate to a CT log, this task is commonly carried out by a CA as follows:[4][5]

  1. An applicant, "The natural person or Legal Entity that applies for (or seeks renewal of) a Certificate",[6] requests a certificate from a CA.
  2. The CA issues a special precertificate, a certificate which carries a poison extension signalling that it shouldn't be accepted by user agents.
  3. The CA sends the precertificate to logs.
  4. The logs return corresponding SCTs to the CA.
  5. The CA attaches the SCTs collected from the logs as an X.509 extension to the final certificate and provides it to the applicant.

Finally, a CA may decide to log the final certificate as well. Let's Encrypt E1 CA, for example, logs both precertificates and final certificates (see the CA's crt.sh profile page under the 'issued certificates' section), whereas Google GTS CA 2A1 does not (see its crt.sh profile page).

Mandatory certificate transparency

Some browsers require TLS certificates to have proof of being logged with certificate transparency,[7][8] either through SCTs embedded into the certificate, an extension during the TLS handshake, or through OCSP:

Browser: Chrome/Chromium
  Current SCT requirements:
    • One SCT from a currently approved log
    • Duration ≤ 180 days: 2 SCTs from once-approved logs
    • Duration > 180 days: 3 SCTs from once-approved logs[9][10]
  Current OCSP/TLS extension requirements:
    • 1 SCT from a current Google log
    • 1 SCT from a current non-Google log

Browser: Firefox
  Current SCT requirements: None[11]
  Current OCSP/TLS extension requirements: None

Browser: Safari
  Current SCT requirements:
    • One SCT from a currently approved log
    • Duration ≤ 180 days: 2 SCTs from once-approved logs
    • Duration > 180 days: 3 SCTs from once-approved logs[12]
  Current OCSP/TLS extension requirements: Two SCTs from currently approved logs
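As an added example that models the table above (it is not code from the original article or from any browser's CT implementation): it parses the RFC 6962 SignedCertificateTimestampList carried in the SCT X.509 extension or the TLS extension, then applies each browser's counting rule against a log list. The log IDs, operators, approval flags and sample SCT bytes are all constructed, signatures are not verified, and LOG_LIST stands in for a browser's real approved-log list.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class SCT:
    log_id: bytes        # SHA-256 of the log's public key (32 bytes)
    timestamp_ms: int    # milliseconds since the Unix epoch
    signature: bytes     # not checked here; verifying it needs the log's public key

def parse_sct_list(data: bytes) -> list:
    """Parse an RFC 6962 SignedCertificateTimestampList: a 2-byte total length, then
    2-byte-length-prefixed v1 SCT structures. Raises ValueError on malformed input."""
    (total,) = struct.unpack(">H", data[:2])
    if total != len(data) - 2:
        raise ValueError("SCT list length mismatch")
    pos, scts = 2, []
    while pos < len(data):
        (n,) = struct.unpack(">H", data[pos:pos + 2])
        sct, pos = data[pos + 2:pos + 2 + n], pos + 2 + n
        # 47 = version(1) + log_id(32) + timestamp(8) + ext_len(2) + algs(2) + sig_len(2); v1 is the only version
        if len(sct) != n or n < 47 or sct[0] != 0:
            raise ValueError("truncated SCT or unknown SCT version")
        (ts,) = struct.unpack(">Q", sct[33:41])
        (ext_len,) = struct.unpack(">H", sct[41:43])
        p = 43 + ext_len                             # skip CtExtensions, then the digitally-signed block
        _hash_alg, _sig_alg, sig_len = struct.unpack(">BBH", sct[p:p + 4])
        if len(sct) != p + 4 + sig_len:
            raise ValueError("SCT signature length mismatch")
        scts.append(SCT(sct[1:33], ts, sct[p + 4:]))
    return scts

def encode_sct(log_id: bytes, timestamp_ms: int, signature: bytes) -> bytes:
    """Inverse of the parser; used only to build the constructed sample (hash alg 4 = SHA-256, sig alg 3 = ECDSA)."""
    return b"\x00" + log_id + struct.pack(">QH", timestamp_ms, 0) + struct.pack(">BBH", 4, 3, len(signature)) + signature

def encode_sct_list(scts: list) -> bytes:
    body = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(body)) + body

# Constructed log list (not a real one): log_id -> (operator, approved when the cert was issued, approved now).
LOG_LIST = {
    b"\x01" * 32: ("Google", True, True),
    b"\x02" * 32: ("Cloudflare", True, False),   # retired after issuance: "once-approved" only
    b"\x03" * 32: ("Let's Encrypt", True, True),
}

def _known(scts, log_list):
    """One entry per distinct log (assumption: repeated SCTs from the same log count once)."""
    return {s.log_id: log_list[s.log_id] for s in scts if s.log_id in log_list}

def embedded_scts_ok(validity_days: int, scts: list, log_list=LOG_LIST) -> bool:
    """Embedded-SCT rule shared by Chrome and Safari in the table: one SCT from a currently
    approved log, plus 2 (lifetime <= 180 days) or 3 (> 180 days) from logs approved at issuance."""
    known = _known(scts, log_list).values()
    current = sum(1 for _, _, now in known if now)
    once = sum(1 for _, then, _ in known if then)
    return current >= 1 and once >= (2 if validity_days <= 180 else 3)

def chrome_delivered_scts_ok(scts: list, log_list=LOG_LIST) -> bool:
    """Chrome, SCTs delivered by TLS extension or OCSP: one current Google log and one current non-Google log."""
    ops = {op for op, _, now in _known(scts, log_list).values() if now}
    return "Google" in ops and any(op != "Google" for op in ops)

def safari_delivered_scts_ok(scts: list, log_list=LOG_LIST) -> bool:
    """Safari, SCTs delivered by TLS extension or OCSP: two SCTs from currently approved logs."""
    return sum(1 for _, _, now in _known(scts, log_list).values() if now) >= 2

# Constructed extension payload: three SCTs whose signatures are placeholder bytes.
SAMPLE_EXTENSION = encode_sct_list([
    encode_sct(b"\x01" * 32, 1_700_000_000_000, b"sig-a"),
    encode_sct(b"\x02" * 32, 1_700_000_000_000, b"sig-b"),
    encode_sct(b"\x03" * 32, 1_700_000_000_000, b"sig-c"),
])
```

The retired log in the sample is what makes the "currently approved" versus "once-approved" distinction in the table matter: with only the first two SCTs a 398-day certificate fails the embedded rule while a 90-day one passes.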

Log sharding

Due to the large quantities of certificates issued with the Web PKI, certificate transparency logs can grow to contain many certificates. This large quantity of certificates can cause strain on logs. Temporal sharding is a method to reduce the strain on logs by sharding a log into multiple logs, and having each shard only accept precertificates/certificates with an expiration date in a particular time period (usually a calendar year).[13][14][15] Cloudflare's Nimbus series of logs was the first to use temporal sharding.

Background

Advantages

One of the problems with digital certificate management is that fraudulent certificates take a long time to be spotted, reported and revoked. An issued certificate not logged using Certificate Transparency may never be spotted at all. Certificate Transparency makes it possible for the domain owner (and anyone interested) to learn of any certificate issued for a domain.

Certificate Transparency logs

Certificate Transparency depends on verifiable Certificate Transparency logs. A log appends new certificates to an ever-growing Merkle hash tree.[1]: §4  To be seen as behaving correctly, a log must:

  • Verify that each submitted certificate or precertificate has a valid signature chain leading back to a trusted root certificate authority certificate.
  • Refuse to publish certificates without this valid signature chain.
  • Store the entire verification chain from the newly accepted certificate back to the root certificate.
  • Present this chain for auditing upon request.

A log may accept certificates that are not yet fully valid and certificates that have expired.

Certificate Transparency monitors

Monitors act as clients to the log servers. Monitors check logs to make sure they are behaving correctly. An inconsistency is used to prove that a log has not behaved correctly, and the signatures on the log's data structure (the Merkle tree) prevent the log from denying that misbehavior.

Certificate Transparency auditors

Auditors also act as clients to the log servers. Certificate Transparency auditors use partial information about a log to verify the log against other partial information they have.[1]: §8.3 
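The Merkle tree, STH, inclusion proof and consistency proof mechanics from the technical overview, together with the partial-information checks just described for monitors and auditors, as an added example: this is not code from the original article or from any log implementation. It implements the RFC 9162 section 2.1 hash, inclusion-proof and consistency-proof algorithms over SAMPLE_ENTRIES, constructed byte strings standing in for real log entries; all function names are this example's own.

```python
import hashlib

LEAF_PREFIX = b"\x00"   # RFC 9162 section 2.1: domain separation for leaf hashes
NODE_PREFIX = b"\x01"   # and for interior nodes, so a leaf can never masquerade as a node
# Constructed stand-ins for log entries (real entries are DER precertificates or certificates).
SAMPLE_ENTRIES = [b"precert-%d" % i for i in range(7)]

def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + entry).digest()
def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()

def split_point(n: int) -> int:
    """The RFC's k: the largest power of two strictly less than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)

def tree_head(entries: list) -> bytes:
    """MTH(D[n]) for a non-empty list: the root hash a signed tree head (STH) commits to."""
    n = len(entries)
    if n == 1:
        return leaf_hash(entries[0])
    k = split_point(n)
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))

def inclusion_proof(m: int, entries: list) -> list:
    """PATH(m, D[n]): the sibling hashes from leaf m up to the root."""
    n = len(entries)
    if n == 1:
        return []
    k = split_point(n)
    if m < k:
        return inclusion_proof(m, entries[:k]) + [tree_head(entries[k:])]
    return inclusion_proof(m - k, entries[k:]) + [tree_head(entries[:k])]

def consistency_proof(m: int, entries: list, start: bool = True) -> list:
    """PROOF(m, D[n]) via SUBPROOF: shows the size-m tree is a prefix of the size-n tree."""
    n = len(entries)
    if m == n:
        return [] if start else [tree_head(entries)]
    k = split_point(n)
    if m <= k:
        return consistency_proof(m, entries[:k], start) + [tree_head(entries[k:])]
    return consistency_proof(m - k, entries[k:], False) + [tree_head(entries[:k])]

def verify_inclusion(entry: bytes, leaf_index: int, tree_size: int, proof: list, root: bytes) -> bool:
    """Section 2.1.3.2: an auditor recomputes the root from one leaf and its proof."""
    if leaf_index >= tree_size:
        return False
    fn, sn, r = leaf_index, tree_size - 1, leaf_hash(entry)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while fn and not fn & 1:   # skip levels where this node has no right sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

def verify_consistency(first_size: int, first_hash: bytes, second_size: int, second_hash: bytes, proof: list) -> bool:
    """Section 2.1.4.2: check that the newer STH extends the older one without rewriting history."""
    if not 0 < first_size < second_size or not proof:   # the RFC treats an empty proof as failure
        return False
    path = list(proof)
    if first_size & (first_size - 1) == 0:   # older tree is complete: its root is the first node
        path.insert(0, first_hash)
    fn, sn = first_size - 1, second_size - 1
    while fn & 1:
        fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            fr, sr = node_hash(c, fr), node_hash(c, sr)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            sr = node_hash(sr, c)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and fr == first_hash and sr == second_hash
```

A failed verify_consistency between two STHs signed by the same log is exactly the inconsistency a monitor keeps as evidence: the log cannot deny either STH, and no consistency proof exists once an entry has been rewritten.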

Certificate Transparency log programs

Apple[16] and Google[13] have separate log programs with distinct policies and lists of trusted logs.

Root stores of Certificate Transparency logs

Certificate Transparency logs maintain their own root stores and only accept certificates that chain back to the trusted roots.[1] In the past, a number of misbehaving logs have published inconsistent root stores.[17]

History

[Figure: An example of a Certificate Transparency entry on Firefox 89]

In 2011, a reseller of the certificate authority Comodo was attacked and the certificate authority DigiNotar was compromised,[18] demonstrating existing flaws in the certificate authority ecosystem and prompting work on various mechanisms to prevent or monitor unauthorized certificate issuance. Google employees Ben Laurie, Adam Langley and Emilia Kasper began work on an open source framework for detecting mis-issued certificates the same year. In 2012, they submitted the first draft of the standard to IETF under the code-name "Sunlight".[19]

In March 2013, Google launched its first certificate transparency log.[20]

In June 2013, RFC 6962 "Certificate Transparency" was published, based on the 2012 draft.

In September 2013, DigiCert became the first certificate authority to implement Certificate Transparency.[21]

In 2015, Google Chrome began requiring Certificate Transparency for newly issued Extended Validation Certificates.[22][23] It began requiring Certificate Transparency for all certificates newly issued by Symantec from June 1, 2016, after they were found to have issued 187 certificates without the domain owners' knowledge.[24][25] Since April 2018, this requirement has been extended to all certificates.[8]

On March 23, 2018, Cloudflare announced its own CT log named Nimbus.[26]

In May 2019, certificate authority Let's Encrypt launched its own CT log called Oak. Since February 2020, it has been included in approved log lists and is usable by all publicly-trusted certificate authorities.[27]

In December 2021, RFC 9162 "Certificate Transparency Version 2.0" was published.[1] Version 2.0 includes major changes to the required structure of the log certificate, as well as support for Ed25519 as a signature algorithm of SCTs and support for including certificate inclusion proofs with the SCT.

In February 2022, Google published an update to their CT policy,[28] which removes the requirement for certificates to include an SCT from their own CT log service, matching all the requirements for certificates to those previously published by Apple.[29]

Signature Algorithms

In Certificate Transparency Version 2.0, a log must use one of the algorithms in the IANA registry "Signature Algorithms".[1]: §10.2.2 [30]

Tools for inspecting CT logs

  • crt.sh by Sectigo
  • Censys Search
  • Cert Spotter by sslmate
  • certstream.calidog.io
  • ct.cloudflare.com - Merkle Town by Cloudflare
  • Meta Certificate Transparency Monitoring by Meta
  • Certificate Transparency Root Explorer
  • EZMonitor by Keytos[31]

References

  1. ^ a b c d e f Certificate Transparency Version 2.0. December 2021. doi:10.17487/RFC9162. RFC 9162.
  2. ^ Solomon, Ben (8 August 2019). "Introducing Certificate Transparency Monitoring". Cloudflare. Archived from the original on 8 August 2019. Retrieved 9 August 2019. Ah, Certificate Transparency (CT). CT solves the problem I just described by making all certificates public and easy to audit. When CAs issue certificates, they must submit certificates to at least two "public logs." This means that collectively, the logs carry important data about all trusted certificates on the Internet.
  3. ^ a b Scheitle, Quirin; Gasser, Oliver; Nolte, Theodor; Amann, Johanna; Brent, Lexi; Carle, Georg; Holz, Ralph; Schmidt, Thomas C.; Wählisch, Matthias (2018-10-31). "The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem". Proceedings of the Internet Measurement Conference 2018. Boston MA USA: ACM. pp. 343–349. doi:10.1145/3278532.3278562. ISBN 978-1-4503-5619-0. S2CID 52814744.
  4. ^ a b "How CT Works : Certificate Transparency". certificate.transparency.dev. Retrieved 2022-02-25.
  5. ^ "Certificate Transparency (CT) Logs". Let's Encrypt. Retrieved 2024-01-04.
  6. ^ "Baseline Requirements for the Issuance and Management of Publicly‐Trusted Certificates" (PDF). CA/B Forum. Retrieved 4 January 2024.
  7. ^ Call, Ashley (2015-06-03). "Certificate Transparency: FAQs | DigiCert Blog". DigiCert. Retrieved 2021-04-13.
  8. ^ a b O'Brien, Devon (7 February 2018). "Certificate Transparency Enforcement in Google Chrome". Google Groups. Retrieved 18 December 2019.
  9. ^ This applies for certificates issued on or after 15 April 2022. For older certificates, other criteria apply.
  10. ^ "Chrome Certificate Transparency Policy". CertificateTransparency. Retrieved 2022-02-26.
  11. ^ "Certificate Transparency - Web security | MDN". developer.mozilla.org. Retrieved 2022-02-26.
  12. ^ "Apple's Certificate Transparency policy". Apple Support. 5 March 2021. Retrieved 2022-02-26.
  13. ^ a b "Chrome CT Log Policy". googlechrome.github.io. Retrieved 2021-10-14.
  14. ^ Tomescu, Alin; Bhupatiraju, Vivek; Papadopoulos, Dimitrios; Papamanthou, Charalampos; Triandopoulos, Nikos; Devadas, Srinivas (2019-11-06). "Transparency Logs via Append-Only Authenticated Dictionaries". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. London United Kingdom: ACM. pp. 1299–1316. doi:10.1145/3319535.3345652. ISBN 978-1-4503-6747-9. S2CID 52034337.
  15. ^ "Scaling CT Logs: Temporal Sharding | DigiCert.com". www.digicert.com. Retrieved 2022-02-26.
  16. ^ "Apple's Certificate Transparency log program". apple.com. 28 January 2019. Retrieved 2021-10-14.
  17. ^ Korzhitskii, Nikita; Carlsson, Niklas (2020). Characterizing the root landscape of Certificate Transparency logs. arXiv:2001.04319.
  18. ^ Bright, Peter (August 30, 2011). "Another fraudulent certificate raises the same old questions about certificate authorities". Ars Technica. Retrieved 2018-02-10.
  19. ^ Laurie, Ben; Langley, Adam; Kasper, Emilia (2012-09-12). "Certificate Transparency (draft-laurie-pki-sunlight)". ietf.org. IETF. Retrieved 2023-05-28.
  20. ^ "Known Logs - Certificate Transparency". certificate-transparency.org. Retrieved 2015-12-31.
  21. ^ "DigiCert Announces Certificate Transparency Support". Dark Reading. 2013-09-24. Retrieved 2018-10-31.
  22. ^ Woodfield, Meggie (December 5, 2014). "Certificate Transparency Required for EV Certificates to Show Green Address Bar in Chrome". DigiCert Blog. DigiCert.
  23. ^ Laurie, Ben (February 4, 2014). "Updated Certificate Transparency + Extended Validation plan". public@cabforum.org (Mailing list). Archived from the original on 2014-03-30.
  24. ^ "Symantec Certificate Transparency (CT) for certificates issued before June 1, 2016". Symantec Knowledge Center. Symantec. June 9, 2016. Archived from the original on October 5, 2016. Retrieved September 22, 2016.
  25. ^ Sleevi, Ryan (October 28, 2015). "Sustaining Digital Certificate Security". Google Security Blog.
  26. ^ Sullivan, Nick (23 March 2018). "Introducing Certificate Transparency and Nimbus". cloudflare.com. Archived from the original on 23 March 2018. Retrieved 9 August 2019.
  27. ^ "Introducing Oak, a Free and Open Certificate Transparency Log - Let's Encrypt". letsencrypt.org. Retrieved 2021-04-13.
  28. ^ "Google CT Policy Update". Google Groups. Retrieved 2022-02-14.
  29. ^ "Apple's Certificate Transparency Policy". support.apple.com. 5 March 2021. Retrieved 2022-02-14.
  30. ^ "Signature Algorithms". Public Notary Transparency. IANA. Retrieved 2023-05-28.
  31. ^ "Monitors : Certificate Transparency". certificate.transparency.dev. Retrieved 2023-03-06.

External links

  • Official website
  • RFC 9162 Certificate Transparency Version 2.0 (which obsoleted previous RFC 6962)
  • crt.sh, a Certificate Transparency Log search engine
  • Google Certificate Transparency Report
  • Certificate Transparency Monitoring by Meta
  • CT test on badssl.com
