[caops-wg] Apropos Certificate Transparency
Jensen, Jens (STFC,RAL,SC)
jens.jensen at stfc.ac.uk
Wed Mar 15 12:15:15 EDT 2017
... this may be of interest to CAOPS as it provides some information
around the deployment of RFC6962 and aims to address privacy concerns.
Also note there's a 6962-bis.
https://arxiv.org/abs/1703.02209
Mind you if there were privacy concerns I'd just build my own CT service
and keep it hidden and use the signed metadata in TLS connections (the
SCT). However, that sort of loses the "transparency" part as
transparency is only available privately.
One fine day when I have a spare moment I shall work again on my
implementation - you may recall that I implemented the Merkle tree half
- the one that provides the irreversible(ish) logs - but not the other bits.
Regards
--jens
More information about the caops-wg
mailing list