Technical Summary
This document describes an experimental protocol for publicly logging
the existence of TLS certificates as they are issued or observed, in
a manner that allows anyone to audit certificate authority activity
and notice the issuance of suspect certificates, as well as to audit
the certificate logs themselves. The intent is that eventually
clients would refuse to honor certificates that do not appear in a
log, effectively forcing CAs to add all issued certificates to the
logs.
Logs are network services which implement the protocol operations for
submissions and queries that are defined in this document.
Working Group Summary
This is an AD sponsored document. It has been discussed on
therightkey@ietf.org starting in September 2012. It has undergone
two IETF last calls; the second was needed because the authors changed
the draft (based on LC comments) to request a TLS codepoint that
required IETF Review. There is also a Google Groups mailing list. [1]
The plan would be to allow some experimentation to happen.
[1] https://groups.google.com/group/certificate-transparency
Document Quality
Google have an implementation. [2]
The document was updated on March 20th to -09 but only
to add some new acknowledgements and a clarification
about error content.
[2] http://code.google.com/p/certificate-transparency/
Personnel
Stephen Farrell is the shepherd and AD.