Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has led to the emergence of monitoring-as-a-service: a trusted party runs the monitor and provides registered subjects with selective certificate notifications, e.g., "notify me of all foo.com certificates". We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such notifications, reducing the trust that is placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT's existing gossip-audit security model.