Google announced the requirement for Certificate Transparency for all new SSL/TLS certificates in October 2017. This requirement means that Chrome will no longer trust new SSL/TLS certificates that are not qualified for Certificate Transparency (CT).
CT is a method to publish all certificates in one or more publicly available CT logs, which meet the qualification requirements established by Google. CT logs can be audited to ensure they are honest. Domain owners can use the CT logs to monitor their domains and discover of SSL/TLS certificates.
Certificate Transparency Benefits
There are two main benefits of CT:
- Domain Security: Owners of domains can monitor CT logs to see what certificates have been issued for their domains. This supports domain owner detection of fraudulent certificates, which may be used to attack their organization or users.
- Certificate Evaluation: Researchers can monitor or specifically review certificates to determine quality and compliance to SSL/TLS industry obligations.
Domain Name Redaction
A disadvantage of logging all SSL/TLS certificates is some domain names exposed may be considered private or security sensitive. Although many SSL/TLS certificates are available to the public, some are internal. Exposing all domain names would give an attacker a blue print of all secure servers. In addition, server host names of can expose their purpose or confidential information (e.g., payments.example.com).
Domain name redaction would provide a method for CT logging while protecting the privacy of domain names. A proposed redaction method would be to replace the private domain name with a question mark. For instance, a certificate for “payments.example.com” would be logged with the domain name “?.example.com”.
Domain name redaction has been a topic for consideration since 2014 in the IETF, but was not addressed in the standard RFC 6962. Google did not permit redaction in their certificate transparency plan for EV SSL/TLS certificates starting in 2015. Redaction is still under consideration for the development of the new CT draft standard RFC 6962-bis, but is not currently supported.
Keeping Domain Names Private
When considering CT logging of public-trust certificates, there are several ways domain names can be kept private:
- Do not add private domains to the CT log: If the certificate is not CT logged, then the private domain name will not be exposed. In an enterprise, Chrome can be configured to disable certificate transparency enforcement for specific URLs.
- Issue Private Trust Certificate: Private trust certificates do not have to be CT logged as their root certificates are not trusted by CT logs.
- Issue a Wildcard Certificate: Wildcard certificates may or may not expose private domains. For instance, the name “topsecret” could be protected by issuing a wildcard certificate *.example.com instead of topsecret.example.com; however, *.topsecret.example.com would expose “topsecret.”
It appears that there are drawbacks to all of the available options. If domain owners do not CT log, it will cause trust issues with Chrome. Issuing a private trust certificate would require the private trust root certificate to be distributed to all clients. Lastly, wildcard certificates may provide security issues by using a single key pair to protect many subdomains.
Entrust Datacard and other certification authorities are looking for use cases where the domain owner considers their domain name needs to be protected. The goal is to propose technical options and policy statements for domain name redaction.
Here’s a CT survey for domain owners. Please take a moment to complete. Your feedback is greatly appreciated and will help us to make improvements that protect your domain privacy.