Certificate Transparency in Theory and Practice
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Certificate Transparency provides auditability to the widely used X.509 Public Key Infrastructure (PKIX) authentication in Transport Layer Security (TLS) protocol. Transparency logs issue signed promises of inclusions to be used together with certificates for authentication of TLS servers. Google Chrome enforces the use of Certificate Transparency for validation of Extended Validation (EV) certificates. This thesis proposes a methodology for asserting correct operation and presents a survey of active Logs. An experimental Monitor has been implemented as part of the thesis. Varying Log usage patterns and metadata about Log operation are presented, and Logs are categorized based on characteristics and usage. A case of mis-issuance by Symantec is presented to show the effectiveness of Certificate Transparency.
Place, publisher, year, edition, pages
2016. , 84 p.
Transparency, Certificate, SSL, TLS, Authetication, X.509
Engineering and Technology
IdentifiersURN: urn:nbn:se:liu:diva-125855ISRN: LIU-IDA/LITH-EX-A--16/001--SEOAI: oai:DiVA.org:liu-125855DiVA: diva2:909303
Subject / course
2016-01-28, John von Neumann, Linköping, 13:00 (English)
Carlsson, Niklas, Associate Professor