Certificate Transparency Revisited: The Public Inspections on Third-party Monitors
Aozhuo Sun
Network and Distributed System Security (NDSS) Symposium 2024 · Day 3 · Network Infrastructure
The integrity of the modern web relies heavily on **TLS certificates**, which vouch for the authenticity of websites and secure communication. However, the ecosystem built on trust in **Certification Authorities (CAs)** has been plagued by incidents of misissued or fraudulent certificates, undermining this fundamental trust. The **Certificate Transparency (CT)** framework was introduced to combat this by enhancing accountability and enabling prompt detection of such certificates. CT mandates public logging of all certificate issuances and employs a system of log servers, auditors, and monitors, yet a critical vulnerability persists: the third-party monitors, which are essential for detecting misissued certificates, are largely uninspected and can be unreliable.