[TS-4245] Add support for Certificate transparency TLS extension - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: sometime
Component/s: SSL
Labels:
None

Description

Certificate transparency is very important for EV certificate holders. Chrome or Firefox does not show the special green bar without this info.

This TLS extension is defined here,
https://tools.ietf.org/html/rfc6962

and the site by google,
https://www.certificate-transparency.org

This info can be delivered to the browser of end-users in one of the three possible ways -
1) OCSP stapling
2) In the certificate itself.
3) as a TLS extension.

It is not an issue for those SSL certificates which include the CT info in the certificate or when it is delivered through OCSP. But very few providers have support for such.

Another thing to note is that TLS extension is probably the best method as it provides freedom to choose other logs along with certain measure of redundancy.

Thanks

EDIT: ". A one year EV certificate requires two proofs while a two year EV certificate requires at least three proofs."

Source: - https://blog.digicert.com/certificate-transparency-required-ev-certificates-show-green-address-bar-chrome/

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Prakhar Rudra

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Mar/16 04:03

Updated:: 02/Mar/16 17:36