Today we announced that Sectigo is sponsoring Let’s Encrypt’s new Certificate Transparency (CT) log "Oak." As Let’s Encrypt’s CT log sponsor, Sectigo makes it economically possible for Let’s Encrypt, a non-profit, to create and maintain a CT log capable of meeting high-volume needs.
What is Certificate Transparency (CT)?
Certificate Transparency is an ecosystem framework initiated by Google that enables visibility on the world’s SSL certificates through the creation and maintenance of publicly-accessible logs of issued certificates. Interested parties may maintain public logs that CAs can use to register the TLS certificates they issue. CT is available for all three levels of SSL authentication (Extended Validation [EV], Organization Validation [OV], and Domain Validation [DV]).
Certificate Transparency has a few potential advantages for companies’ control of their online presence and overall online security.
A few companies maintain CT logs today. CAs most likely aren’t logging certificates across all available CT logs and may not even use the same logs every time. That can add a layer of complexity to these tasks. To help interested parties use the information available in CT logs, Sectigo offers crt.sh. This service accumulates the contents of known CT logs in a single, searchable interface.
Why sponsor a CT log from Let’s Encrypt?
The number of available CT logs that can accommodate high volume certificate issuance is quite small. That leaves the certificate logging ecosystem in a fragile state. If only one or two CT logs went offline or experienced performance problems or outages, Certificate Authorities might not be able to log their certificates as Google Chrome requires.
To increase CAs’ logging options and reduce the likelihood of a condition where CAs cannot meet these logging requirements, Sectigo and Let’s Encrypt have joined forces to launch the Let’s Encrypt's Oak CT log. As Let’s Encrypt’s CT log sponsor, Sectigo makes it economically possible for Let’s Encrypt, a non-profit, to create and maintain a CT log capable of meeting high-volume needs.
This partnership is one of many examples of how CAs can work together to ensure the security, interoperability, and ubiquity of both public and private PKI. Sectigo proudly contributes to industry efforts such as the CA/Browser Forum, IETF, WiMAX Forum, GSMA, the Open Connectivity Foundation, and the CA Security Council, working directly with other industry players to these ends.