Ben Laurie blathering

Certificate Transparency Version 2

A lot of people didn’t like that the original version had a delay before you could issue a new certificate. So, we redesigned the protocol to avoid that problem.

In a nutshell, a new certificate is sent to the log, which immediately returns a signed hash of the certificate, indicating that the cert will be included in the log. It is required to actually appear in the log before a certain amount of time has passed. Other than that, everything proceeds along the same lines as before, though there are many detailed changes.
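
The exchange described above, sketched as an added example that is not part of the original post or the Certificate Transparency code: a toy log hands out a signed promise and an auditor later checks it against the log. The HMAC stand-in for the log's signature, the `issued_at` field, the 24-hour `MAX_DELAY` and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

MAX_DELAY = 24 * 3600               # assumed inclusion deadline (seconds); the post gives no figure
LOG_KEY = b"constructed-demo-key"   # constructed; a real log signs with a private key


@dataclass(frozen=True)
class Promise:
    cert_hash: bytes   # SHA-256 of the submitted certificate
    issued_at: int     # log timestamp (assumed field, needed to check the deadline)
    signature: bytes


def _sign(cert_hash: bytes, issued_at: int) -> bytes:
    # HMAC stands in for the log's signature so the example needs only the stdlib.
    msg = cert_hash + struct.pack(">Q", issued_at)
    return hmac.new(LOG_KEY, msg, hashlib.sha256).digest()


class ToyLog:
    def __init__(self):
        self.pending = []     # promised but not yet published
        self.entries = set()  # hashes that actually appear in the log

    def submit(self, cert: bytes, now: int) -> Promise:
        # Return the promise immediately; inclusion happens later in merge().
        h = hashlib.sha256(cert).digest()
        self.pending.append(h)
        return Promise(h, now, _sign(h, now))

    def merge(self):
        self.entries.update(self.pending)
        self.pending.clear()


def audit(promise: Promise, cert: bytes, log: ToyLog, now: int) -> str:
    """Classify a promise as 'invalid', 'included', 'pending' or 'overdue'."""
    expected = _sign(promise.cert_hash, promise.issued_at)
    if not hmac.compare_digest(expected, promise.signature):
        return "invalid"      # not signed by the log, or fields altered
    if promise.cert_hash != hashlib.sha256(cert).digest():
        return "invalid"      # promise is for a different certificate
    if promise.cert_hash in log.entries:
        return "included"
    return "pending" if now <= promise.issued_at + MAX_DELAY else "overdue"
```

An `overdue` result pairs a valid signature with a missing entry, so the promise itself shows that the log did not do what it signed for.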

As always, comments welcome.

1 Comment

  1. I’d love to see this idea somehow combined with the method Kaminsky presented for stuffing arbitrary data into bitcoin blocks. 🙂

    Comment by Matt — 1 Aug 2012 @ 14:26
