You Should Run a Certificate Transparency Log
10 months ago
- #Open Source
- #Certificate Transparency
- #Web Security
- Running a Certificate Transparency (CT) log is beneficial for web security and easier than before.
- CT logs keep Certificate Authorities honest and notify website owners of unauthorized certificates.
- The new Static CT API makes running a CT log cheaper and simpler, with static file serving.
- Sunlight implementation by Let’s Encrypt minimizes dependencies and requirements for log operation.
- Running a CT log requires modest hardware: one server, 2-3 Gbps bandwidth, and 3-5 TB storage.
- Log operators need minimal ongoing effort: monitoring policies, updating software, and rotating shards.
- Community support is available through Slack, mailing lists, and issue trackers for new operators.
- Durability is critical; data loss is unacceptable once certificates are signed and stored.
- CT logs contribute to the security of virtually every internet user and offer bragging rights.