TL;DR
This paper introduces a lightweight, verifiable monitoring extension for Certificate Transparency logs that lets subjects independently verify the certificate notifications a monitoring service sends them, reducing the trust placed in that service without requiring them to inspect the logs continuously.
Contribution
The paper proposes a novel CT/bis extension enabling verifiable, lightweight monitoring of logs, supporting wildcard domains and integrating with existing gossip-audit security models.
Findings
Enables users to verify certificate notifications independently.
Supports monitoring of wildcard domains.
Integrates seamlessly with existing CT gossip-audit models.
Abstract
Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has led to the emergence of monitoring-as-a-service: a trusted party runs the monitor and provides registered subjects with selective certificate notifications, e.g., "notify me of all foo.com certificates". We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such notifications, reducing the trust that is placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT's existing gossip-audit…
