Certificate Transparency Version 2
A lot of people didn’t like that the original version had a delay before you could issue a new certificate. So, we redesigned the protocol to avoid that problem.
In a nutshell, a new certificate is sent to the log, which immediately returns a signed hash of the certificate, indicating that the cert will be included in the log. The cert is then required to actually appear in the log before a certain amount of time has passed. Other than that, everything proceeds along the same lines as before, though there are many detailed changes.
As always, comments welcome.
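The promise-then-include flow described above, as an added example that is not part of the original post or of the protocol specification: a toy log returns a signed hash at once, and a monitor later checks whether the promise was kept. `ToyLog`, `sign_promise`, `audit`, the 24-hour `MAX_DELAY` and the use of an HMAC in place of the log's public-key signature are all assumptions made for illustration.

```python
import hashlib
import hmac

LOG_KEY = b"constructed-demo-key"  # stand-in: a real log signs with a private key
MAX_DELAY = 24 * 3600              # assumed deadline in seconds; the post gives no figure

def sign_promise(cert_hash: str, timestamp: int) -> str:
    # HMAC stands in for the log's signature (so the verifier shares the key here).
    msg = f"{cert_hash}|{timestamp}".encode()
    return hmac.new(LOG_KEY, msg, hashlib.sha256).hexdigest()

class ToyLog:
    """Hypothetical log: promises inclusion immediately, merges entries later."""
    def __init__(self):
        self.pending, self.entries = [], set()

    def submit(self, cert: bytes, now: int) -> dict:
        cert_hash = hashlib.sha256(cert).hexdigest()
        self.pending.append(cert_hash)
        return {"cert_hash": cert_hash, "timestamp": now,
                "signature": sign_promise(cert_hash, now)}

    def merge(self) -> None:
        # Pending certificates become visible log entries.
        self.entries.update(self.pending)
        self.pending.clear()

def audit(promise: dict, cert: bytes, log: ToyLog, now: int) -> str:
    """Classify a signed promise as a monitor would see it at time `now`."""
    expected = sign_promise(promise["cert_hash"], promise["timestamp"])
    if not hmac.compare_digest(expected, promise["signature"]):
        return "invalid-signature"
    if hashlib.sha256(cert).hexdigest() != promise["cert_hash"]:
        return "wrong-certificate"
    if promise["cert_hash"] in log.entries:
        return "included"
    if now - promise["timestamp"] <= MAX_DELAY:
        return "pending"
    # Validly signed, past the deadline, still absent: evidence against the log.
    return "promise-broken"

if __name__ == "__main__":
    log, cert = ToyLog(), b"constructed certificate bytes"
    promise = log.submit(cert, now=1000)
    print(audit(promise, cert, log, now=1000))
    print(audit(promise, cert, log, now=1000 + MAX_DELAY + 1))
    log.merge()
    print(audit(promise, cert, log, now=2000))
```

The `promise-broken` case is the one that matters to a monitor: the signed hash is proof that the log committed to the certificate and then failed to publish it.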
I’d love to see this idea somehow combined with the method Kaminsky presented for stuffing arbitrary data into bitcoin blocks.
Comment by Matt — 1 Aug 2012 @ 14:26