Certificate Transparency

During the last few years, publicly trusted SSL certificates have been issued — either maliciously or by mistake — to unauthorized domain names. These mis-issuances are typically caused by attackers or simply a mistake by a certification authority (CA).

Proposed by members of Google via RFC 6962, Certificate Transparency is a specification that helps mitigate the mis-issuance of SSL certificates. This proposal calls for new policy that helps publicize certificate issuance via established logs, which will be auditable for reliance and monitored to detect when a certificate was issued for any specific domain name.