Certificate Transparency with Privacy

Authors: Saba Eskandarian (Stanford University), Eran Messeri, Joseph Bonneau, Dan Boneh

Volume: 2017
Issue: 4
Pages: 329–344
DOI: https://doi.org/10.1515/popets-2017-0052

Download PDF

Abstract: Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of privacy-related challenges remain. In this paper we propose practical solutions to two issues. First, we develop a mechanism that enables web browsers to audit a CT log without violating user privacy. Second, we extend CT to support non-public subdomains.

Keywords: Certificates, Certificate Transparency, Privacy, Private domains

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.