Перейти к файлу
Chris Thompson 7ba65b6061
Update log_list.md (#49)
Refreshing the informational log list after recent log transitions.
2024-10-01 15:44:45 -07:00
_layouts Fix Contributing link in default.html 2021-08-11 14:02:46 -07:00
assets/css Merge Nov 2020 CT Policy changes to master (#32) 2021-07-09 12:55:10 -07:00
CONTRIBUTING.md Merge Nov 2020 CT Policy changes to master (#32) 2021-07-09 12:55:10 -07:00
LICENSE Merge Nov 2020 CT Policy changes to master (#32) 2021-07-09 12:55:10 -07:00
LICENSE.txt Merge Nov 2020 CT Policy changes to master (#32) 2021-07-09 12:55:10 -07:00
README.md Add shortlinks to policy gh-pages to README.md 2021-07-29 15:53:41 -07:00
_config.yml Update _config.yml 2021-08-11 13:38:23 -07:00
changes.md Merge Nov 2020 CT Policy changes to master (#32) 2021-07-09 12:55:10 -07:00
ct_policy.md Remove policy language no longer applicable to any still-valid certificates. 2024-07-25 10:23:35 -07:00
enterprises.md Merge Nov 2020 CT Policy changes to master (#32) 2021-07-09 12:55:10 -07:00
glossary.md Merge Nov 2020 CT Policy changes to master (#32) 2021-07-09 12:55:10 -07:00
log_list.md Update log_list.md (#49) 2024-10-01 15:44:45 -07:00
log_policy.md Update log inclusion link to use Buganizer 2024-07-25 10:08:57 -07:00
log_states.md Update remaining references to v3 log list. 2023-02-16 11:22:04 -08:00
logs.md Merge Nov 2020 CT Policy changes to master (#32) 2021-07-09 12:55:10 -07:00
mmd_monitor_root.crt Initial commit 2017-04-18 11:52:29 -04:00
site_operators.md minor wordsmithing 2024-07-25 10:28:18 -07:00

README.md

Certificate Transparency in Chrome

Chrome maintains two policies for Certificate Transparency:

  • The Chrome CT Policy outlines the criteria for certificates to be deemed CT Compliant in CT-enforcing versions of Chrome.
  • The Chrome CT Log Policy describes what requirements Chrome places on current and prospective CT Log Operators.

Overview of Certificate Transparency

Certificate Transparency (CT) is a protocol designed to fix several structural flaws in the SSL/TLS certificate ecosystem. Described in RFC 6962, it provides a public, append-only data structure that can log certificates that are issued by certificate authorities (CAs).

By logging certificates, it becomes possible for the public to see what certificates have been issued by a given CA. This allows site operators to detect when a certificate has been issued for their domains, allowing them to check for unauthorized issuance. It also allows browsers and root stores, and the broader community, to examine the certificates a CA has issued and ensure that the CA is complying with their expected or disclosed practices.

For more information about how Certificate Transparency works and its role in supporting the web PKI, you can find a helpful introduction to CT at https://certificate.transparency.dev.

Chrome requires all publicly-trusted TLS certificates issued after April 30, 2018 to support CT in order to be recognized as valid. This site provides details on what is required. Any questions should be directed to the ct-policy@chromium.org list.