Certificate Transparency - Protection Against Forged Certificates

Feb 5, 2015 | Jindřich Zechmeister

Certificate Transparency is a feature that increases the trustworthiness of certificates, which we wrote about back in November. You can find the theoretical background in the article Certificate Transparency and Public Key Pinning. Today, we will take a closer look at CT, focusing in particular on its practical aspects and how it behaves in the Google Chrome browser.


What is Certificate Transparency and why was it created?

Certificate Transparency can essentially be characterized as the logging of issued certificates by Google, which monitors and audits them in addition to recording them. Certificate Transparency only works in Chrome; other browsers do not support CT.

The new CT feature was created to increase protection against certificate forgery, which is technically called a MITM (Man in the Middle) attack. As a result, users should be more protected from attempts to use forged certificates (though such a risk is actually minimal).

Certificate Transparency is currently the domain of EV certificates with extended validation, but Google's goal is to extend the service to other types of certificates.

It's important that, from February 2015, Chrome will not display a green bar for an EV certificate issued after 1/1/2015 if the certificate is not in the CT log! Existing Symantec, GeoTrust, and Thawte EV certificates were added to the log in December 2014, and new ones will be added automatically. Our customers need not worry.

Chrome checks public certificate records

Google Chrome has started displaying strange and incomprehensible messages regarding data disclosure. Here is an overview of four possible scenarios (the translation is drawn from the Czech version of Chrome, official translations are not yet known for some variations).

The identity of this website (organization XY) has been verified by [name of your CA], ...

  • and is publicly auditable (The identity of this website has been verified by ISSUER and is publicly auditable.) - everything is fine, and CT is working (valid timestamp).
  • but there are no public records of this organization - likely a lack of a CT record, see below
  • but this website does not have public audit records (The identity of this website has been verified by ISSUER but does not have public audit records) - CT is not working (no signed timestamp in the cert.).
  • claims to have public audit records, but they cannot be verified (own translation) - timestamp is signed, but is not in a known log and cannot be verified.
  • but public audit records failed verification (own translation) - timestamp is listed in a known log, but cannot be verified.

Figure: Certificate Transparency error in Google Chrome. The security settings message no longer belongs to CT.

At first, it didn't even occur to me that this message was related to Certificate Transparency, but it is. The objections to public records (audit records) are therefore related to Certificate Transparency. However, I am surprised that there is no further explanation with the message. The link to the CT record appears only for positively verified records, nothing is shown for errors.
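As an added example (not code from the original article), the following Python script parses the RFC 6962 SCT list that a CA embeds in the certificate and maps what it finds onto the Chrome messages listed above. The log IDs, signatures and known-log set are constructed placeholders, and the ECDSA check that Chrome performs with each log's public key is delegated to a caller-supplied `verify` function; both are assumptions of this example.

```python
import struct
from dataclasses import dataclass

@dataclass
class SCT:
    version: int; log_id: bytes; timestamp_ms: int
    extensions: bytes; hash_alg: int; sig_alg: int; signature: bytes

def encode_sct(log_id, ts_ms, sig, ext=b""):
    # Serialize one v1 SCT: hash alg 4 = SHA-256, sig alg 3 = ECDSA (RFC 6962 3.2).
    return (b"\x00" + log_id + struct.pack(">Q", ts_ms)
            + struct.pack(">H", len(ext)) + ext + b"\x04\x03"
            + struct.pack(">H", len(sig)) + sig)

def encode_sct_list(scts):
    # SignedCertificateTimestampList: 2-byte total length, then 2-byte-prefixed SCTs.
    body = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(body)) + body

def parse_sct(b):
    if len(b) < 47: raise ValueError("SCT too short")
    ts, ext_len = struct.unpack(">QH", b[33:43])
    p = 43 + ext_len                       # start of the digitally-signed part
    if len(b) < p + 4: raise ValueError("truncated extensions")
    sig_len = struct.unpack(">H", b[p + 2:p + 4])[0]
    if len(b) != p + 4 + sig_len: raise ValueError("bad signature length")
    return SCT(b[0], b[1:33], ts, b[43:p], b[p], b[p + 1], b[p + 4:])

def parse_sct_list(blob):
    # blob is the extension value with the outer DER OCTET STRING already removed.
    if len(blob) < 2: raise ValueError("missing list length")
    total, body = struct.unpack(">H", blob[:2])[0], blob[2:]
    if len(body) != total: raise ValueError("list length mismatch")
    scts, pos = [], 0
    while pos < len(body):
        n = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
        scts.append(parse_sct(body[pos:pos + n])); pos += n
    return scts

def chrome_ct_status(scts, known_logs, verify):
    # Map SCT findings onto the wording Chrome shows in the certificate dialog.
    if not scts:
        return "no public audit records"
    known = [s for s in scts if s.log_id in known_logs]
    if not known:
        return "claims public audit records, but they cannot be verified"
    if any(verify(s) for s in known):   # verify = signature check with the log key
        return "publicly auditable"
    return "public audit records failed verification"

# Constructed sample data: placeholder log IDs, not real CT logs.
LOG_A, LOG_B = b"\x01" * 32, b"\x02" * 32
KNOWN_LOGS = {LOG_A}
```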

What to do from the website operator's perspective?

It is important to choose a responsible certification authority that takes care of publishing issued EV certificates in the CT log. Examples include Symantec, Thawte, or GeoTrust. The rest takes care of itself, and the result will be positive.

The advantage for the website owner is the ability to monitor and keep track of issued certificates from the domain owner's perspective. You'll know if a major certification authority has issued a certificate for your domain; if it was without your knowledge, you can prevent misuse in time.

What happens when Certificate Transparency doesn't work?

If CT is not functioning, Chrome should not display the green EV certificate bar. With Google, however, it's hard to predict how it will ultimately present the warnings in Chrome. I expect the browser will display a warning about untrustworthiness. Currently, CT seems to affect the display of the HTTPS symbol even for lower types of certificates. Google thus creates great confusion with Chrome's notifications.

Not everything from Google is perfect

Certificate Transparency was created with the benevolent intent to enhance user protection against forged certificates. However, there are some shortcomings that I must mention.

The first is support only in Chrome; other browsers do not currently use CT. The second is Google itself, which is very aggressive in security matters and too quick to implement new features in Chrome (just remember SHA-1). Chrome is now in a state where it often shows nonsensical warnings for certificates, differently on different platforms (on Linux you might see warnings that you don't see on Windows, which may be caused by the Linux version of Chrome being developed at a different pace).

The principle of Certificate Transparency is not perfect, but I won't cover all the objections here, and I will refer readers to the 1st source at the end of the article. The article's author mainly criticizes the fact that CT serves not so much to prevent MITM attacks, but rather to detect them post-factum.

The operator of the main log, i.e., Google, basically acts as though CT does not concern it. The control is left to the public, and every domain owner should check the logs themselves (!), and search to see if a fraudulent certificate has been issued for their domain (!). Logs can also be checked by "monitors" of logs, but it's unclear what they should do in case of suspicion. Similarly, it's unclear what browsers should do with a positive find in the CT log (eventually, everyone will report something different).

CT, in its current form, does not solve the situation where forged certificates originate directly from the CA (which happens when a CA is compromised, which fortunately practically never occurs, or when a CA collaborates with secret services). The authority would of course publish its record in CT upon issuing the certificate.

Another drawback is that CT works automatically, and there is no opt-out, that is, the ability to cancel certificate publishing. The certificate owner cannot influence anything, and if they don't like CT, they have no choice.

Additional sources of information:

  1. The Trouble with Certificate Transparency. Criticism of Certificate Transparency's shortcomings and objections.
  2. Certificate Transparency. Google's official website for Certificate Transparency.
  3. A Comparison of HTTPS Reforms. Reflection on improvements to the SSL/TLS protocol and comparisons of these new features.