CertificateTransparency
CertificateTransparency copied to clipboard
GoogleChrome
@jsha raised this on the ct-policy [mailing list](https://groups.google.com/a/chromium.org/g/ct-policy/c/gjcdzPE1FlI/m/jSyukaZzCQAJ) , highlighting how TLS allows certificates up to 2^24 bytes (16.7 MB), while it's likely that logs may have a much smaller...
Right now, the Inclusion Request bug is not linked in the table on the main page, only the revision in which the Log was first Qualified. For CAs that wish...
The https://github.com/chromium/ct-policy/blob/master/README.md document says things like "Chromium requires" but CT enforcement is [not enabled](https://chromium.googlesource.com/chromium/src/+/master/net/docs/certificate-transparency.md#Supporting-Certificate-Transparency-for-Embedders) in Chromium by default. We should replace "Chromium" with "Chrome" when describing product behavior.
The Chromium implementation of CT is limited in support of public keys to the set of public keys it accepts for the Web PKI: * RSA (nominally, 2048, 3072, 4096)...
The CT team at Google has announced on the ct-policy list that they are running mirrors for all CT logs recognized by Chrome. It would be useful to make a...
[This post](https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ) by Devon O'Brien states that: > Since January 2015, Chrome has required that Extended Validation (EV) certificates be CT-compliant in order to receive EV status. In April 2018,...
The current CT Policy background provides historic context about things that have been required to be CT Qualified, but can be easily misunderstood as being an exhaustive list of everything...
RFC6962 notes that "In order to avoid logs being spammed into uselessness, it is required that each chain is rooted in a known CA certificate." If a log accepts certificates...
There could be a situation where a log distrust action will have to be applied retrospectively. I.e., if it comes to light that a log has been maliciously operating over...
Currently, the number of SCTs related to the Lifetime of Certificate is defined in months. However, this leaves it ambiguous as to how to calculate it. Several possible interpretations have...