LEHI, UT–(Marketwired – September 24, 2013) – DigiCert, Inc., a leading global authentication and encryption provider, announced today that it is the first Certificate Authority (CA) to implement Certificate Transparency (CT). DigiCert has been working with Google to pilot CT for more than a year and will begin adding SSL Certificates to a public CT log by the end of October.
DigiCert welcomes CT as an important step toward enhancing online trust. For several months, DigiCert has been working with Google engineers to test Google’s code, provide feedback on proposed CT implementations, and build CT support into the company’s systems. This initiative aligns with DigiCert’s focus to improve online trust — including tight internal security controls, development and adoption of the CA/Browser Forum Baseline Requirements and Network Security Guidelines, and participation in various industry bodies that are focused on security and trust standards.
Google’s Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of security attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.
Certificate Transparency helps eliminate these flaws by providing an open framework for monitoring and auditing SSL certificates in nearly real time. Specifically, Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. It also makes it possible to identify certificate authorities that have gone rogue and are maliciously issuing certificates.
Because it is an open and public framework, anyone can build or access the basic components that drive Certificate Transparency. This is particularly beneficial to Internet security stakeholders, such as domain owners, certificate authorities, and browser manufacturers, who have a vested interest in maintaining the health and integrity of the SSL certificate system.
- DigiCert Announces Certificate Transparency Support (darkreading.com)
- DigiNotar certificate fraud addressed with Snow Leopard and Lion updates (reviews.cnet.com)
- Behind the padlock: How secure Web connections work (nbcnews.com)
- How The NSA Bypasses Online Encryption (bauer-power.net)
- HTTPS url with port number not working on iOS (stackoverflow.com)