Hi tls@, I'd like to share a document I've been working on for a while, forwarded below. It is essentially a stab at what Certificate Transparency would look like if it were built on top of Key Transparency. This document primarily covers the TLS extension and the operation of the TLS server, while the in-depth description of the transparency protocol is left to the keytrans protocol document.
Since the system is built on KT, it allows website operators to efficiently audit the certificates that have been issued for their domains, and this remains secure regardless of any amount of collusion by trusted parties. It also provides fast, fail-closed revocation. Let me know your thoughts, and if you generally feel we should continue to develop this document. Thank you!

---------- Forwarded message ---------
From: <[email protected]>
Date: Sun, Jun 29, 2025 at 9:13 AM
Subject: New Version Notification for draft-mcmillion-tls-transparency-revocation-00.txt
To: Brendan McMillion <[email protected]>, Dennis Jackson <[email protected]>, Devon O'Brien <[email protected]>

A new version of Internet-Draft draft-mcmillion-tls-transparency-revocation-00.txt has been successfully submitted by Brendan McMillion and posted to the IETF repository.

Name: draft-mcmillion-tls-transparency-revocation
Revision: 00
Title: Reliable Transparency and Revocation Mechanisms
Date: 2025-06-29
Group: Individual Submission
Pages: 44
URL: https://www.ietf.org/archive/id/draft-mcmillion-tls-transparency-revocation-00.txt
Status: https://datatracker.ietf.org/doc/draft-mcmillion-tls-transparency-revocation/
HTML: https://www.ietf.org/archive/id/draft-mcmillion-tls-transparency-revocation-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-mcmillion-tls-transparency-revocation

Abstract:

This document describes reliable mechanisms for the publication and revocation of Transport Layer Security (TLS) certificates. This reliability takes several forms. First, it provides browsers a strong guarantee that all certificates they accept are truly published and unrevoked at the time they're accepted. Second, it allows operators to monitor for mis-issuances related to their websites in a highly efficient way without relying on third-party services. Third, it provides a high degree of operational redundancy to minimize the risk of cascading outages.

The IETF Secretariat
