pts2024

Certificate Transparency in 2024: how to make HTTPS certificates discoverable
2024-07-04, 11:10–11:45 (Europe/Paris), Amphitheater

Certificate Transparency was initiated in 2011 after DigiNotar, a certificate authority, was breached. This transparency ecosystem now logs all HTTPS certificates accepted by major root programs. It makes certificates publicly discoverable, and would make such attacks discoverable should they happen again. This ecosystem requires the collaboration of multiple participants: log operators, certificate authorities, user agents, root programs, domain owners, log monitors and verifiers. Log operators run one of the core components of this ecosystem: tamper-evident logs. This technology was first rolled out at scale for Certificate Transparency, and is now being used for more use cases, such as binary transparency.

In this talk, we will provide an overview of Certificate Transparency, and explain how all the ecosystem participants work together to keep the ecosystem healthy and usable. We will go over the technical specifics of Certificate Transparency, and future plans for bringing CT and other transparency ecosystems closer together.


Philippe is an engineer at Google in London. He is part of the TrustFabric team building and deploying software powering transparency ecosystems, where he's the tech lead for Certificate Transparency.