Security of Certificate Transparency


Bibliographic Details
Main Author: Cohn-Gordon, K
Format: Working paper
Language: English
Published: 2015
Description
Summary: Certificate Transparency is one of a number of recent proposals to improve the public key infrastructure of the Internet, all based on the use of public, verifiable log servers to store records of certain actions. Whilst it lacks some features of alternative systems, such as handling revocation or permitting distributed verification, Certificate Transparency has the significant advantage of support from the Chromium web browser team, and thus will be enabled for large parts of the Internet by early 2015.

In this report we present an initial, informal security analysis of Certificate Transparency, identifying the implicit assumptions made elsewhere and describing the adversaries which it is designed to resist as well as those which it is not. We also suggest how this analysis could be formalised in future work, linking it to recent research on PKI in Bellare-Rogaway-style security games.