Certificate Transparency

From Emergent Wiki

Certificate Transparency (CT) is a system designed to detect misissued digital certificates by requiring all certificates to be logged in publicly auditable, append-only logs. When a certificate authority issues a certificate, it must submit it to multiple CT logs, each of which returns a signed, timestamped receipt. Browsers and clients verify that a certificate is accompanied by valid CT receipts, and monitors continuously audit the logs for unexpected or fraudulent entries.

CT was developed in response to the repeated failures of the certificate authority model — the DigiNotar breach, the Comodo reseller compromises, and the MD5 rogue CA attack demonstrated that prevention-based security was insufficient. CT does not prevent misissuance; it makes misissuance visible. The security model shifts from prevention to detection, from trust to audit.

The CT architecture is a distributed accountability mechanism: no single log operator is trusted; logs are monitored by independent parties; and misbehavior is exposed by public scrutiny rather than internal controls. But the model has limitations. Detection is not prevention — a fraudulent certificate can be used in an attack before it is detected and revoked. The revocation infrastructure itself remains weak: browser revocation checking is often disabled or bypassed for performance reasons. CT tells you that a certificate was misissued; it does not prevent the misissued certificate from being exploited in real time.
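The mechanism described in the opening paragraph (append-only logs, clients checking that a certificate is really in the log) and the accountability model described above (independent monitors auditing for misissuance and for log misbehaviour) can be shown together in a small model. The following is an added example written for this article, not code from any CT log, browser or monitor project. It implements the RFC 6962 / RFC 9162 Merkle tree hashing, audit-path generation and the RFC 9162 inclusion-proof verification algorithm, and a toy monitor over constructed log entries of the form `domain|issuer`; the entry format, the `Monitor` class and the CA names are assumptions made for the illustration. Signed timestamps (SCTs) and log signatures are left out so the code runs with only the standard library.

```python
import hashlib
from typing import Dict, List, Optional

# RFC 6962 domain-separation prefixes: leaves and interior nodes are hashed
# differently, so a leaf can never be passed off as an interior node.
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"


def hash_leaf(data: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + data).digest()


def hash_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def _split_point(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    """Merkle Tree Hash of an ordered list of leaf inputs (RFC 6962 s2.1)."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return hash_leaf(leaves[0])
    k = _split_point(len(leaves))
    return hash_node(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: List[bytes], index: int) -> List[bytes]:
    """Audit path for leaves[index]: the sibling hashes from leaf to root.
    This is what a log hands to a client that asks 'is my certificate in here?'"""
    n = len(leaves)
    if n == 1:
        return []
    k = _split_point(n)
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     proof: List[bytes], root: bytes) -> bool:
    """RFC 9162 s2.1.3.2 check, run by a client that holds only the leaf, its
    index, the tree size, the audit path and the log's published root."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = hash_leaf(leaf)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = hash_node(p, r)
            if not fn & 1:  # skip the levels where our node is the sole child
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = hash_node(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


class Monitor:
    """Hypothetical domain-owner monitor: on every fetch it checks that what
    it saw last time is still an untouched prefix of the log (append-only),
    then flags any certificate for a watched domain from an unexpected CA."""

    def __init__(self, expected_issuers: Dict[str, str]):
        self.expected = expected_issuers  # domain -> the CA we actually use
        self.seen_size = 0
        self.seen_root: Optional[bytes] = None

    def check(self, log_entries: List[bytes]) -> List[str]:
        if self.seen_root is not None and (
            len(log_entries) < self.seen_size
            or merkle_root(log_entries[: self.seen_size]) != self.seen_root
        ):
            return ["LOG MISBEHAVIOUR: previously observed entries were altered or removed"]
        alerts: List[str] = []
        for i in range(self.seen_size, len(log_entries)):
            domain, issuer = log_entries[i].decode().split("|")
            if domain in self.expected and issuer != self.expected[domain]:
                alerts.append(f"entry {i}: {domain} issued by {issuer}, expected {self.expected[domain]}")
        self.seen_size = len(log_entries)
        self.seen_root = merkle_root(log_entries)
        return alerts


def demo():
    # Constructed sample entries standing in for logged certificates.
    log = [b"example.com|Good CA", b"shop.example.com|Good CA", b"other.net|Other CA"]
    mon = Monitor({"example.com": "Good CA", "shop.example.com": "Good CA"})
    first = mon.check(log)                # nothing unexpected yet
    log.append(b"example.com|Rogue CA")   # a misissued certificate gets logged
    second = mon.check(log)               # the monitor notices it
    proof = inclusion_proof(log, 3)       # the log proves the rogue cert is in the tree
    included = verify_inclusion(log[3], 3, len(log), proof, merkle_root(log))
    tampered = log[:2] + [b"rewritten|X"] + log[3:]  # a log quietly rewriting history
    third = mon.check(tampered)
    return first, second, included, third


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The `Monitor` keeps only the previous tree size and root hash; recomputing the root over the first `seen_size` entries is the brute-force form of what a CT consistency proof establishes compactly. Note that detection happens only on the next fetch, which is exactly the gap the text above points out: the rogue certificate is in the log and provably included, but nothing here stops it from being used before the alert fires.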