SCT Auditing is a new feature in which opted-in clients send a sample of the signed certificate timestamps (SCTs) they encounter to an auditor (for Chrome, this is Safe Browsing) in order to monitor and detect misbehaving Certificate Transparency (CT) logs (see our previous public design doc on Opt-in SCT Auditing for more details). Currently, the SCTAuditingCache only does best-effort sending of SCT audit reports to Safe Browsing. We want to extend this to be more resilient to transient failure modes (for long definitions of “transient”), including some adversarial failure modes where a network attacker can block reports. To make sending reports more robust, we plan to (1) change the SCTAuditingCache to retry sending reports over time, and (2) persist pending reports to disk so that retries can span browser sessions.
Mac, Windows, Linux, Chrome OS (we do not currently enforce Certificate Transparency on Android or iOS)
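
The retry-and-persist plan described above, as an added example that is not Chromium's code. The class and function names, the one-line-per-report file format, and the doubling backoff with a 60-second base and 24-hour cap are all assumptions, since the page does not specify them.

```cpp
#include <algorithm>
#include <fstream>
#include <functional>
#include <string>
#include <vector>
// Hypothetical names and values; this is not Chromium's SCTAuditingCache API.
constexpr long long kBaseDelaySec = 60;        // assumed first retry delay
constexpr long long kMaxDelaySec = 24 * 3600;  // assumed backoff cap
struct PendingReport {
  std::string id;      // whitespace-free report key (constructed sample)
  int attempts;        // failed sends so far
  long long next_try;  // earliest time, in seconds, of the next attempt
};
class PendingReportStore {
 public:
  explicit PendingReportStore(const std::string& path) : path_(path) {
    std::ifstream in(path_);  // reload what an earlier session left pending
    PendingReport r;
    while (in >> r.id >> r.attempts >> r.next_try) reports_.push_back(r);
  }
  void Add(const std::string& id, long long now) {
    reports_.push_back(PendingReport{id, 0, now});
    Save();
  }
  // Sends each due report: success drops it, failure doubles its delay.
  int RetryDue(long long now, const std::function<bool(const std::string&)>& send) {
    int sent = 0;
    std::vector<PendingReport> keep;
    for (PendingReport& r : reports_) {
      if (r.next_try <= now) {
        if (send(r.id)) { ++sent; continue; }
        r.next_try = now + std::min(kBaseDelaySec << std::min(r.attempts++, 20), kMaxDelaySec);
      }
      keep.push_back(r);
    }
    reports_.swap(keep);
    Save();
    return sent;
  }
  std::size_t size() const { return reports_.size(); }
 private:
  void Save() const {  // rewrite the file after every change
    std::ofstream out(path_, std::ios::trunc);
    for (const PendingReport& r : reports_)
      out << r.id << ' ' << r.attempts << ' ' << r.next_try << '\n';
  }
  std::string path_;
  std::vector<PendingReport> reports_;
};
```

A `send` callback that always returns false models the network attacker who blocks reports: the report stays in the file with a later `next_try`, and a store opened on the same path in the next session picks it up.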