Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of privacy-related challenges remain. In this paper we propose practical solutions to two issues. First, we develop a mechanism that enables web browsers to audit a CT log without violating user privacy. Second, we extend CT to support non-public subdomains.
@article{arxiv.1703.02209,
title = {Certificate Transparency with Privacy},
author = {Saba Eskandarian and Eran Messeri and Joseph Bonneau and Dan Boneh},
journal= {arXiv preprint arXiv:1703.02209},
year = {2017}
}