{"id":2984,"date":"2014-01-26T13:30:10","date_gmt":"2014-01-26T08:00:10","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=2984"},"modified":"2014-02-11T13:37:55","modified_gmt":"2014-02-11T08:07:55","slug":"the-certificate-transparency-initiative","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/the-certificate-transparency-initiative\/","title":{"rendered":"The &#8216;Certificate Transparency&#8217; Initiative"},"content":{"rendered":"<p>Before we get into what certificate transparency is and why Google is currently running an initiative to implement it, let&#8217;s understand a bit of the background.<br \/>\n<!--more--><br \/>\n&nbsp;<br \/>\nIn 2011, the CA DigiNotar&#8217;s systems were hacked and a certificate was issued in the name of Google to an entity that was not Google. Speculation at the time was that the entity in question was a government body of Iran. When internet users in Iran tried to access Google, they were taken to a server that hosted this bogus certificate and acted as a man-in-the-middle, listening in on conversations. Users across ISPs in Iran experienced this behaviour. Additionally, this behaviour was noticeable sporadically for an hour or two a day. DigiNotar subsequently revoked the certificate.<br \/>\n&nbsp;<br \/>\nUnder the PKI model, DigiNotar was a trusted Certifying Authority &#8211; people trusted it to issue digital certificates to organisations after duly ensuring the authenticity of the organisation requesting the certificate. DigiNotar failed in this respect by issuing more than 500 fake certificates. Major web browsers reacted to this large-scale issuance of fake certificates by blacklisting the CA itself. 
The Dutch government took over operation of the CA and in the same month DigiNotar declared bankruptcy.<br \/>\n&nbsp;<br \/>\nApart from the fact that DigiNotar did not perform its duties effectively, a hack like this was able to take place because no one was checking whether the certificates issued by various CAs were indeed correct and issued to the right organisation.<br \/>\n&nbsp;<br \/>\nThis checking is what the Certificate Transparency initiative is all about.<br \/>\n&nbsp;<br \/>\n<a href=\"https:\/\/www.qadit.com\/blog\/wp-content\/Logging_Certificates.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.qadit.com\/blog\/wp-content\/Logging_Certificates.png\" alt=\"\" width=\"401\" height=\"605\" class=\"aligncenter size-full wp-image-2985\" srcset=\"https:\/\/qadit.com\/blog\/wp-content\/uploads\/Logging_Certificates.png 401w, https:\/\/qadit.com\/blog\/wp-content\/uploads\/Logging_Certificates-198x300.png 198w\" sizes=\"auto, (max-width: 401px) 100vw, 401px\" \/><\/a><br \/>\n&nbsp;<br \/>\nThe certificates issued will be stored in one or more central repositories, and independent authorities can verify them. Browsers can be built to perform the same checks.<br \/>\n&nbsp;<br \/>\nAs of this writing, Google has started a logging service and also updated its Chrome browser (version 33 onwards) to support the feature. 
Some CAs, such as DigiCert, have also started supporting the initiative.<br \/>\n&nbsp;<br \/>\nIt&#8217;s anybody&#8217;s guess whether this initiative will be a success and can indeed plug some of the loopholes in the PKI\/SSL model.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Before we get into what certificate transparency is and why Google is currently running an initiative to implement it, let&#8217;s understand a bit of the background.<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-2984","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-M8","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/2984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=2984"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/2984\/revisions"}],"wp:attachment":[{"href":
"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=2984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=2984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=2984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}