Google just announced that it will not enforce Certificate Transparency (CT) logging for all new TLS certificates until April 2018. In a previous blog post, we reported that Google had introduced a new policy requiring new TLS certificates to be published to the CT logs in order for the domain to be trusted by Chrome.

The reason for the delay was not clear, but Google needs to consider the following:

  • Overall CT policy discussions with the major stakeholders are underway, but we are still far away from a conclusion.
  • Other browsers appear to be supporting CT, but have yet to determine their policies or advance their browser code.
  • The CT deployment document, RFC 6962-bis, tracked by the IETF, has not been released.
  • Work on the proposed document for CT Domain Label Redaction, which addresses privacy, has started, but the document has not been adopted or completed by the IETF.
  • Sufficient, scalable, and reliable CT logs have not been deployed by the ecosystem to address the increase in requirements.

Certification authorities (CAs) as well as TLS certificate subscribers will welcome the extra time to help ensure that deployment of CT logging is efficient and seamless.

Bruce Morton

Bruce Morton is a pioneering figure in the PKI and digital certificate industry. He currently serves as Director for Certificate Services at Entrust Datacard, where he has been employed since 1999. His day-to-day responsibilities include managing standards implementations, overseeing Entrust Datacard’s policy authority, and monitoring Entrust Certificate Service for industry compliance.