What prevents certificate authorities from issuing fraudulent TLS certificates?

There have been reports of attacks against certificate authorities resulting in the issuance of fraudulent TLS certificates for sites such as google.com, yahoo.com, and skype.com. These attacks seem to be a thing of the past though, and I …

How does Certificate Transparency protect from hacked CA server [duplicate]

I was able to grasp how CT works by reading this explanation, but one thing remains unclear for me – how CT may protect ecosystem from hacked CA server. For example, someone hacked Digicert, and now from it behaves issues EV or regular cer…

How to create and embed Signed Certificate Timestamp (SCT) in certificate

I have deployed a Certificate Transparency (CT) log server that uses Google’s CTFE (named "certificate-transparency-go" on GitHub) and Trillian Projects. And I have issued a pre-certificate, submitted to my own CT log server.
I h…

Comparing ACME client logs against Certificate Transparency logs

Inspired by this comment from Can DDNS provider perform a MITM attack?, I was wondering if there is an automated way to check the Certificate Transparency logs for malicious/unexpected certificates.
For example, if I run some ACME client o…

What is expected of domain owners in the Certificate Transparency system?

As I understand it, Certificate Transparency provides proof to the client that the presented certificate is publicly accessible in CT logs. The certificate being in the logs enables a domain owner to detect that a certificate has been issu…

Understanding Certificate Transparency in Mobile apps and How it Affects Traffic Proxying

I am familiar with the basics of CT and certificate pinning. However, I’m failing to understand how CT properly replaces pinning in mobile apps in a scenario in which, for example, an attacker steals a device or downloads the application f…