Bulletproof TLS Newsletter #40
Certificate Transparency logging is now mandatory
30 April 2018
Author: Hanno Böck

This issue was distributed to 44,829 email subscribers.

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space.

In this issue:

  1. Certificate Transparency logging is now mandatory
  2. Short news

Certificate Transparency logging is now mandatory

Starting April 30, 2018, the Chrome browser will require all newly issued certificates, that is, those with a notBefore date on or after that day, to comply with its Certificate Transparency policy; a non-compliant certificate is rejected with a certificate error. This is a major change in the certificate ecosystem and has been prepared over several years. Certificate Transparency has already played a major role in uncovering many mistakes by certificate authorities.

The core idea of Certificate Transparency is relatively simple: all publicly issued certificates are stored in public, append-only logs. Anyone can monitor these logs, so a domain owner can check whether certificates for their domains have been issued that they never requested. To show that a certificate has been logged, signed certificate timestamps (SCTs) have to be provided during the TLS handshake; Chrome's policy requires at least two, from distinct logs, with the exact number depending on how the SCTs are delivered and on the certificate's lifetime. An SCT is a signed statement from a log confirming that a certificate has been submitted and promising to include it in the log within the log's maximum merge delay.

There are different ways to deliver SCTs: in a TLS extension, in a stapled OCSP response, or embedded directly in the certificate itself. The last is by far the most common. Most certificate authorities do this automatically, so there is nothing a site operator has to do manually. Because a CA can’t log a certificate before it’s been issued, certificate-embedded SCTs require issuing a precertificate first: it is identical to the final certificate except that it lacks the SCTs and carries a critical "poison" extension that prevents it from being used as a normal certificate. The CA submits the precertificate to the logs, collects the SCTs, and then issues the final certificate with the SCTs embedded as an extension.

This raises the question of whether both the precertificate and the final certificate should be logged or just the precertificate. Let’s Encrypt initially decided to log only the precertificate when it introduced SCTs, but it’s now working on logging the final certificate as well.

Although Certificate Transparency logging is now a requirement for new certificates, a rogue or compromised CA may still be able to create unlogged certificates by backdating them: Chrome decides whether CT is required from the certificate's notBefore date, so a certificate that claims to have been issued before April 30 is exempt. Site operators can close this gap with the Expect-CT header, which tells the browser to require CT compliance for that host regardless of the issuance date. Like HSTS, Expect-CT is remembered only after a first successful visit, so it does not protect the very first connection, and enabling "enforce" on a site whose own certificates aren't compliant locks visitors out; start in report-only mode (max-age and report-uri without enforce) and add "enforce" once the reports are clean.
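The SCT encoding described above and the issuance-date rule that backdating exploits, worked through in code. This is an added example written for this issue, not code from the newsletter, from Chrome or from any CA: the SCT list is constructed inline from fictitious log IDs and placeholder signatures (nothing is verified against a real log), and the function names parse_sct_list, required_embedded_scts, chrome_accepts and demo are my own. The policy check goes beyond the "two SCTs" in the text and models Chrome's 2018 rule for certificate-embedded SCTs (two to five distinct logs depending on certificate lifetime), while deliberately omitting the log-list checks real Chrome performs (whether each log is qualified, and the Google/non-Google requirement).

```python
"""Parse an RFC 6962 SignedCertificateTimestampList and apply a simplified Chrome-style
CT check. Added example: the SCTs are constructed (fictitious log IDs, placeholder
signatures); no signature is verified."""
import hashlib
import struct
from datetime import date

CT_ENFORCEMENT_DATE = date(2018, 4, 30)  # Chrome requires CT for notBefore >= this day
HASH_ALGS = {4: "sha256"}                # TLS SignatureAndHashAlgorithm code points
SIG_ALGS = {1: "rsa", 3: "ecdsa"}

def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new position, never reading past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated SCT data")
    return buf[pos:pos + n], pos + n

def _u16(buf, pos):
    raw, pos = _take(buf, pos, 2)
    return struct.unpack(">H", raw)[0], pos

def parse_sct(data):
    """Parse one v1 SignedCertificateTimestamp (RFC 6962 section 3.2)."""
    version, pos = _take(data, 0, 1)
    if version[0] != 0:
        raise ValueError("unsupported SCT version %d" % version[0])
    log_id, pos = _take(data, pos, 32)  # SHA-256 of the log's public key
    ts, pos = _take(data, pos, 8)       # milliseconds since the Unix epoch
    ext_len, pos = _u16(data, pos)
    extensions, pos = _take(data, pos, ext_len)
    algs, pos = _take(data, pos, 2)     # hash algorithm, signature algorithm
    sig_len, pos = _u16(data, pos)
    signature, pos = _take(data, pos, sig_len)
    if pos != len(data):
        raise ValueError("trailing bytes after SCT")
    return {"log_id": log_id.hex(), "timestamp_ms": struct.unpack(">Q", ts)[0],
            "extensions": extensions, "hash_alg": HASH_ALGS.get(algs[0], algs[0]),
            "sig_alg": SIG_ALGS.get(algs[1], algs[1]), "signature": signature}

def parse_sct_list(data):
    """Parse the TLS-encoded list carried in X.509 extension 1.3.6.1.4.1.11129.2.4.2
    (after your X.509 library has stripped the DER OCTET STRING wrapper)."""
    total, pos = _u16(data, 0)
    if pos + total != len(data):
        raise ValueError("bad SCT list length")
    scts = []
    while pos < len(data):
        n, pos = _u16(data, pos)
        raw, pos = _take(data, pos, n)
        scts.append(parse_sct(raw))
    return scts

def required_embedded_scts(validity_months):
    """Chrome's 2018 rule for embedded SCTs: longer-lived certificates need more logs."""
    if validity_months <= 15:
        return 2
    if validity_months <= 27:
        return 3
    return 4 if validity_months <= 39 else 5

def chrome_accepts(not_before, validity_months, scts, expect_ct_enforced=False):
    """Simplified Chrome decision. Real Chrome also checks that each log is qualified
    and that Google and non-Google logs are both represented (needs the log list)."""
    if not_before < CT_ENFORCEMENT_DATE and not expect_ct_enforced:
        return True  # pre-enforcement or backdated certificate: no SCTs needed
    distinct_logs = {s["log_id"] for s in scts}
    return len(distinct_logs) >= required_embedded_scts(validity_months)

def build_sct(log_name, timestamp_ms):
    """Construct a syntactically valid v1 SCT for the sample (signed by no real log)."""
    log_id = hashlib.sha256(log_name).digest()
    signature = b"\x30" + bytes(70)  # placeholder, not a real ECDSA signature
    return (b"\x00" + log_id + struct.pack(">Q", timestamp_ms) + struct.pack(">H", 0)
            + b"\x04\x03" + struct.pack(">H", len(signature)) + signature)

def build_sct_list(scts):
    body = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(body)) + body

# Constructed sample: two SCTs from two fictitious logs, stamped on enforcement day.
SAMPLE_SCT_LIST = build_sct_list([build_sct(b"example log A", 1525046400000),
                                  build_sct(b"example log B", 1525046401000)])

def demo():
    """Run the sample through the checks and return every outcome by name."""
    scts = parse_sct_list(SAMPLE_SCT_LIST)
    day_before = date(2018, 4, 29)
    return {"scts": scts,
            "on_day_with_scts": chrome_accepts(CT_ENFORCEMENT_DATE, 3, scts),
            "on_day_no_scts": chrome_accepts(CT_ENFORCEMENT_DATE, 3, []),
            "backdated_no_scts": chrome_accepts(day_before, 3, []),
            "backdated_expect_ct": chrome_accepts(day_before, 3, [], True),
            "two_year_cert": chrome_accepts(CT_ENFORCEMENT_DATE, 24, scts)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running demo() shows the point of the last paragraph directly: the same certificate with no SCTs is accepted when its notBefore is 29 April and rejected when it is 30 April, and only the Expect-CT flag makes the backdated one fail. The two-year case fails with the same two SCTs because the lifetime rule asks for three distinct logs. To check a real certificate, feed parse_sct_list the value of the extension with OID 1.3.6.1.4.1.11129.2.4.2 as your X.509 library returns it, and compare the log IDs against the current log list rather than just counting them.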

The Hardenize service has added a check for Certificate Transparency compliance.

Short news