Certificate Transparency with Privacy
This paper addresses privacy challenges for users and organizations in the deployment of CT, with incremental improvements to existing mechanisms.
The paper tackles privacy issues in Certificate Transparency (CT) by proposing practical solutions for enabling web browsers to audit CT logs without compromising user privacy and extending CT to support non-public subdomains.
Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of privacy-related challenges remain. In this paper we propose practical solutions to two issues. First, we develop a mechanism that enables web browsers to audit a CT log without violating user privacy. Second, we extend CT to support non-public subdomains.