Quite a few people have said to me that Certificate Transparency (CT) sounds like a good idea, but they’d like to see a proper spec.
Well, there’s been one of those for quite a while, you can find the latest version in the code repository, or for your viewing convenience, I just made an HTML version.
Today, though, to go with that spec, I’m happy to announce working code for a subset of the protocol. This covers the trickiest part – a fully backwards compatible SSL handshake between servers and clients. The rest of the protocol will necessarily all be new code for interacting with the log server and other new components, and so should not have these issues.
If you build the code according to the README, then you will find instructions in test/README for the demo.
What this does, in short, is the following:
There’s plenty more to be done, but this is the part that needs the earliest scrutiny, since we are bending the rules to get back compatibility and avoid the need to change server software. Client software has to change anyway to provide any benefit to users, so that’s less of a worry.
We welcome discussion, suggestions and questions on the mailing list."
- Run an Apache 2.2 instance to serve the self-signed certificate and the log proof certificate. Note that Apache is unmodified, all that is needed is appropriate configuration.
There’s plenty more to be done, but this is the part that needs the earliest scrutiny, since we are bending the rules to get back compatibility
and avoid the need to change server software.
...since we are bending the rules...
Hi Ben.
- Run an Apache 2.2 instance to serve the self-signed certificate and the log proof certificate. Note that Apache is unmodified, all that is needed is appropriate configuration.
When installing a certificate issued by a third-party CA, a significant number of website operators fail to perform "appropriate configuration" for SSLCertificateChainFile even though they have been given clear instructions.
I'd expect an even higher rate of screw-ups if they have to install an extra audit-proof "certificate" too!
There’s plenty more to be done, but this is the part that needs the earliest scrutiny, since we are bending the rules to get back compatibility
IIRC, adding that extra certificate will break the default browser in Android <=2.1, which today would affect ~9.2% of all Android users (http://developer.android.com/resources/dashboard/platform-versions.html).
and avoid the need to change server software.
So it works for Apache. And it'll work for nginx too.But it won't work for IIS unless you either...1. Write a server-side "plugin" that hooks (perhaps using Microsoft Detours) various CryptoAPI functions, notably CertGetCertificateChain()...and somehow persuade all IIS users to install this plugin.or2. Work with the CAs to get the audit proof embedded into the real certificate so that you don't need the extra certificate.
...since we are bending the rules...
Let's be clear: Adding the audit proof as a self-signed "certificate" _breaks_ the rules. The TLS WG would have a fit.
But if the audit proof could be embedded into the real certificate, no rules would be broken.
On 2 March 2012 10:10, Rob Stradling <r...@comodo.com> wrote:Hi Ben.
- Run an Apache 2.2 instance to serve the self-signed certificate and the log proof certificate. Note that Apache is unmodified, all that is needed is appropriate configuration.
When installing a certificate issued by a third-party CA, a significant number of website operators fail to perform "appropriate configuration" for SSLCertificateChainFile even though they have been given clear instructions.
I'd expect an even higher rate of screw-ups if they have to install an extra audit-proof "certificate" too!Possibly, but these screwups should be immediately apparent, in that browsers will give scary warnings. AIUI this is less true for chaining certs coz sometimes browsers know them and sometimes they don't.
There’s plenty more to be done, but this is the part that needs the earliest scrutiny, since we are bending the rules to get back compatibility
IIRC, adding that extra certificate will break the default browser in Android <=2.1, which today would affect ~9.2% of all Android users (http://developer.android.com/resources/dashboard/platform-versions.html).Hmmm ... pretty sure we didn't see that much breakage when we tested, but that sort of thing does need dealing with somehow!
and avoid the need to change server software.
So it works for Apache. And it'll work for nginx too.But it won't work for IIS unless you either...1. Write a server-side "plugin" that hooks (perhaps using Microsoft Detours) various CryptoAPI functions, notably CertGetCertificateChain()...and somehow persuade all IIS users to install this plugin.or2. Work with the CAs to get the audit proof embedded into the real certificate so that you don't need the extra certificate.We can certainly consider an option for this, but it does cause substantial complication. I admit I have not yet looked at IIS - I hope you're wrong!
I mentioned this to AGL a couple of months ago. He replied:"Thanks to your hint, I've confirmed that Android < 2.2 rejects certificate chains with superfluous certificates."