CERTIFICATE-TRANSPARENCY
Public append-only logs of issued certificates.
Definition
CT requires Chrome/Safari/Firefox to reject certificates without SCT (Signed Certificate Timestamps) from at least 2 CT logs. Public tools: crt.sh, Censys. Helps detect compromised CAs (DigiNotar 2011), malicious certificates, phishing domains.
Origin
Designed by Ben Laurie and Adam Langley (Google) in 2013 ; RFC 6962 published June 2013 ; RFC 9162 (CTv2) November 2021.
Example in context
A security engineer monitors crt.sh for new certificate issuances on *.company.com.
Related terms
- X.509 PKI — audited infrastructure.