Right now, websites verify that they are who they say they are using a certificate guaranteed by a certificate authority (CA). However, "even the most trusted CAs can go rogue." As Pepijn van der Stap writes, "Real... reform requires acknowledging uncomfortable truths: trust doesn't scale... economic incentives matter... reactive security is insufficient (and) complexity is the enemy." That's why certificate transparency (CT) was introduced: to create a log of all certificates that have been offered to more easily identify the fake ones. It works a lot like blockchain: "In log submission, the CA submits the certificate (or a precertificate) to one or more CT logs, public, append-only data structures (typically Merkle Trees) that store certificates, allowing them to be queried by anyone."

