It took us a long time, but objectively, Certificate Transparency is a success. We had to make numerous technology tradeoffs to make it something that the CAs would adopt, some of which introduced problems that took even longer to tackle. However, we managed to create an ecosystem that makes the issuance practices of the web transparent and verifiable.
We need to go further, though. One of the next bits of transparency I would like to see is CAs producing logs of what went into their issuance decisions and making this information public. This would be useful in several scenarios. For example, imagine a domain owner who discovers a certificate was issued for their domain that they didn’t directly request. They could look at this log and see an audit history of all the inputs that went into the decision to issue, such as:
- When was the request for the certificate received?
- What is the hash of the associated ACME key that made the request?
- When CAA was checked, what did it say? Was it checked via multiple perspectives? Did all perspectives agree with the contents?
- When Domain Control was checked, did it pass? Which methods were used? Was multiple perspectives used? Did all perspectives agree with the contents?
- What time was the pre-certificate published? What CT logs was it published to?
- What time was the certificate issued?
- What time was the certificate picked up?
This is just an example list, but hopefully, it is enough to give the idea enough shape for the purpose of this post. The idea here is that the CA could publish this information into cheap block storage files, possibly. I imagine a directory structure something like: ” /<CA CERTHASH>/<SUBJECT CERTHASH>/log”
The log itself could be a merkle tree of these values, and at the root of the directory structure, there could be a merkle tree of all the associated logs. Though the verifiability would not necessarily be relied upon initially, doing the logging in this fashion would make it possible for these logs to be tamper-evident over time with the addition of monitors.
The idea is that these logs could be issued asynchronously, signed with software-backed keys, and produced in batches, which would make them very inexpensive to produce. Not only would these logs help the domain owner, but they would also help researchers who try to understand the WebPKI, and ultimately, it could help the root programs better manage the CA ecosystem.
This would go a long way to improving the transparency into CA operations and I hope we see this pattern or something similar to it adopted sooner rather than later.
I actually proposed something almost exactly the same about 3-4 years ago, but it went nowhere because a certain Google employee hated it and shouted it down.
I do think there is a lot of information about the validation process that CAs could be much more transparent about. A lot of the internal steps and their results have no legitimate reason to be secret.
I don’t recall your proposal but I can totally see that having happened. Ive been carrying this around for a while too. I had hoped to do this in 2023 at Google to set an example, maybe you can champion at DigiCert regardless of a requirement?