Introduction| ipng.ch
The Certificate Transparency ecosystem has been improving transparency for the web PKI since 2013. It helps make clear exactly what certificates each certificate authority has issued and makes sure errors or compromises of certificate authorities are detectable. Let’s Encrypt participates in CT both as a certificate issuer and as a log operator. For the past year, we’ve also been running an experiment to help validate a next-generation design for Certificate Transparency logs.| letsencrypt.org
Certificate transparency (CT) is such a useful research tool and I’d been wanting to learn more about it for a while. After Sunlight was announced last year, I decided the best way to learn was to write a CT log, and set off on quite the adventure. T...| Transparency.dev Community Blog
Certificate Transparency is a security standard that logs and monitors SSL/TLS certs. This guide explains what it is and why it matters.| SSLInsights
This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.| IETF Datatracker
Introduction to TLS v1.3| www.gabriel.urdhr.fr
Let’s prefix this with: I really love Transparency Logs! It’s a fairly simple concept: If you hash elements together in a binary tree, you can validate and verify if elements are present on a tree by hashing a couple of elements. This is what is commonly known as a Merkle tree. I forget the math, but if you have a tree with a million items, you would only really need less than 10 hashes (I think) to figure out what the hash of the top node would be.| linderud.dev
This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates ...| IETF Datatracker
Admission Controller: The policy-controller admission controller can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign. policy-controller also resolves the image tags to ensure the image being run is not different from when it was admitted. See the installation instructions for more information. This component is still actively under development! Today, policy-controller can automatically validate signatures and attestations on container ...| Sigstore