Wednesday, September 23, 2015

Certificate Transparency works!

Certificate Transparency for the win: https://www.eff.org/deeplinks/2015/09/symantec-issues-rogue-ev-certificate-googlecom

This is a good indicator in that it is a small step forward in resiliency for the global PKI based on the new capability offered by Certificate Transparency:  http://www.certificate-transparency.org/ Resiliency increases when infrastructure can diagnose itself to tie-off problems before they spread widely.

Update: the "definitive" list of certificate transparency log servers is said to be in the chromium source code, here:
https://chromium.googlesource.com/chromium/src/+/master/net/cert/ct_known_logs_static.h

(for humans:
http://www.chromium.org/Home/chromium-security/certificate-transparency)

No comments: