[
https://issues.apache.org/jira/browse/TS-4245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Prakhar Rudra updated TS-4245:
------------------------------
Description:
Certificate transparency is very important for EV certificate holders. Chrome
or Firefox does not show the special green bar without this info.
This TLS extension is defined here,
https://tools.ietf.org/html/rfc6962
and the site by google,
https://www.certificate-transparency.org
This info can be delivered to the browser of end-users in one of the three
possible ways -
1) OCSP stapling
2) In the certificate itself.
3) as a TLS extension.
It is not an issue for those SSL certificates which include the CT info in the
certificate or when it is delivered through OCSP. But very few providers have
support for such.
Another thing to note is that TLS extension is probably the best method as it
provides freedom to choose other logs along with certain measure of redundancy.
Thanks
EDIT: ". A one year EV certificate requires two proofs while a two year EV
certificate requires at least three proofs."
Source: -
https://blog.digicert.com/certificate-transparency-required-ev-certificates-show-green-address-bar-chrome/
was:
Certificate transparency is very important for EV certificate holders. Chrome
or Firefox does not show the special green bar without this info.
This TLS extension is defined here,
https://tools.ietf.org/html/rfc6962
and the site by google,
https://www.certificate-transparency.org
This info can be delivered to the browser of end-users in one of the three
possible ways -
1) OCSP stapling
2) In the certificate itself.
3) as a TLS extension.
It is not an issue for those SSL certificates which include the CT info in the
certificate or when it is delivered through OCSP. But very few providers have
support for such.
Another thing to note is that TLS extension is probably the best method as it
provides freedom to choose other logs along with certain measure of redundancy.
Thanks
> Add support for Certificate transparency TLS extension
> ------------------------------------------------------
>
> Key: TS-4245
> URL: https://issues.apache.org/jira/browse/TS-4245
> Project: Traffic Server
> Issue Type: New Feature
> Components: SSL
> Reporter: Prakhar Rudra
>
> Certificate transparency is very important for EV certificate holders. Chrome
> or Firefox does not show the special green bar without this info.
> This TLS extension is defined here,
> https://tools.ietf.org/html/rfc6962
> and the site by google,
> https://www.certificate-transparency.org
> This info can be delivered to the browser of end-users in one of the three
> possible ways -
> 1) OCSP stapling
> 2) In the certificate itself.
> 3) as a TLS extension.
> It is not an issue for those SSL certificates which include the CT info in
> the certificate or when it is delivered through OCSP. But very few providers
> have support for such.
> Another thing to note is that TLS extension is probably the best method as it
> provides freedom to choose other logs along with certain measure of
> redundancy.
> Thanks
> EDIT: ". A one year EV certificate requires two proofs while a two year EV
> certificate requires at least three proofs."
> Source: -
> https://blog.digicert.com/certificate-transparency-required-ev-certificates-show-green-address-bar-chrome/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
