Characterizing the Root Landscape of Certificate Transparency Logs
Nikita Korzhitskii, Niklas Carlsson

TL;DR
This paper analyzes the evolving landscape of root stores in Certificate Transparency logs, comparing them to major software vendors, and investigates how root store management impacts log behavior and security.
Contribution
It provides the first comprehensive characterization of CT root stores, introduces a new analysis tool, and examines the relationship between root store management and log integrity.
Findings
CT logs maintain their own root lists and show evolving policies.
Root store mismanagement may be linked to log misbehavior.
Survey results reveal operator perspectives on CT log policies.
Abstract
Internet security and privacy stand on the trustworthiness of public certificates signed by Certificate Authorities (CAs). However, software products do not trust the same CAs and therefore maintain different root stores, each typically containing hundreds of trusted roots capable of issuing "trusted" certificates for any domain. Incidents with misissued certificates motivated Google to implement and enforce Certificate Transparency (CT). CT logs archive certificates in a public, auditable and append-only manner. The adoption of CT changed the trust landscape. As a part of this change, CT logs started to maintain their own root lists and log certificates that chain back to one of the trusted roots. In this paper, we present the first characterization of this emerging CT root store landscape, as well as the tool that we developed for data collection, visualization, and analysis of the…
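The root-list check the abstract describes (a log records a certificate only if it chains to one of the log's own trusted roots), as an added Go sketch that is not the paper's tool or code: mkCert builds a constructed toy PKI, and AcceptsChain is a hypothetical name for the log-side decision, simplified here to a plain chain verification against the log's root list.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// mkCert issues a constructed test certificate for cn, signed by parent (self-signed when parent is nil).
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return must(x509.ParseCertificate(der)), key
}
// AcceptsChain is the log-side decision the abstract describes: a submitted leaf is logged only
// if it chains to a root in the log's own root list (the expiry/name relaxations real logs apply are omitted).
func AcceptsChain(logRoots []*x509.Certificate, leaf *x509.Certificate) bool {
	roots := x509.NewCertPool()
	for _, r := range logRoots {
		roots.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}

func main() {
	rootA, keyA := mkCert("Root A", true, nil, nil)
	rootB, keyB := mkCert("Root B", true, nil, nil)
	leafA, _ := mkCert("example.test", false, rootA, keyA)
	leafB, _ := mkCert("example.test", false, rootB, keyB)
	logRoots := []*x509.Certificate{rootA} // this log's root list trusts Root A only
	fmt.Println(AcceptsChain(logRoots, leafA), AcceptsChain(logRoots, leafB)) // true false
}
```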
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Access Control and Trust
