The IESG has approved the following document:
- 'Certificate Transparency'
  (draft-laurie-pki-sunlight-12.txt) as Experimental RFC

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Stephen Farrell.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-laurie-pki-sunlight/

Technical Summary

This document describes an experimental protocol for publicly logging the existence of TLS certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority activity and notice the issuance of suspect certificates, as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates which do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.

Logs are network services which implement the protocol operations for submissions and queries that are defined in this document.

Working Group Summary

This is an AD sponsored document. It has been discussed on therightkey@ietf.org starting in September 2012. It has undergone two IETF last calls, the 2nd due to the authors changing (based on LC comments) to request a TLS codepoint that required IETF Review. There's also a google group list. [1] The plan would be to allow some experimentation to happen.

[1] https://groups.google.com/group/certificate-transparency

Document Quality

Google have an implementation. [2] The document was updated on March 20th to -09 but only to add some new acknowledgements and a clarification about error content.

[2] http://code.google.com/p/certificate-transparency/

Personnel

Stephen Farrell is the shepherd and AD.