Everything you always wanted to know about Certificate Transparency: (but were afraid to ask)

Presented at 33C3 (2016), Dec. 27, 2016, 11:30 a.m. (60 minutes)

Certificate transparency - what is it, and what can be done with it?

Certificate Transparency is the new kid on the block of TLS. Specified as RFC6962 it is designed to prevent fraudulently issued TLS certificates, and detect wrongdoing from Certificate Authorities.

This talk will present Certificate Transparency in full details. Beginning from the attacks it prevents, key players and threat models, we will dive into the public data that is readily available and present ideas how to enhance its ecosystem as a whole.

Presenters:

• Martin Schmiedecker
  ... is researcher for computer security and digital forensics in Vienna. Works for SBA Research. Member of C3Wien.

Links:

• https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8167.html

Similar Presentations:

• ShmooCon XIV (2018) / CertGraph: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency
• DEF CON 26 (2018) / Lost and Found Certificates: dealing with residual certificates for pre-owned domains
• DEF CON 25 (2017) / Abusing Certificate Transparency Logs