Certificate Transparency Deadline Moved to April 2018

Wednesday May 3, 2017

Google just announced that it will not enforce certificate transparency (CT) logging for all new TLS certificates until April 2018. In a previous blog post, we reported that Google had introduced a new policy requiring new TLS certificates to be published to the CT logs in order for the domain to be trusted by Chrome.

The reason for the delay was not clear, but Google needs to consider the following:

  • Overall CT policy discussions with the major stakeholders are underway, but we are still far away from a conclusion.
  • Other browsers appear to be supporting CT, but have yet to determine their policies or advance their browser code.
  • The CT deployment document, RFC 6962-bis, which is tracked by the IETF standards process, has not been released.
  • Work on the proposed document for CT Domain Label Redaction, which addresses privacy, has started, but the document has not been adopted or completed by the IETF.
  • Sufficient, scalable, and reliable CT logs have not been deployed by the ecosystem to address the increase in requirements.

Certification authorities (CAs) as well as TLS certificate subscribers will welcome the extra time to help ensure that deployment of CT logging is efficient and seamless.

This article was originally published by the "CA Security Council". In 2021 the CASC was restructured and renamed to the "Public Key Infrastructure Consortium", or "PKI Consortium" for short.