Skip to main content

Certificate Transparency

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: RFC Editor <>
Subject: Document Action: 'Certificate Transparency' to Experimental RFC (draft-laurie-pki-sunlight-12.txt)

The IESG has approved the following document:
- 'Certificate Transparency'
  (draft-laurie-pki-sunlight-12.txt) as Experimental RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Stephen Farrell.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   This document describes an experimental protocol for publicly logging
   the existence of TLS certificates as they are issued or observed, in
   a manner that allows anyone to audit certificate authority activity
   and notice the issuance of suspect certificates, as well as to audit
   the certificate logs themselves.  The intent is that eventually
   clients would refuse to honor certificates which do not appear in a
   log, effectively forcing CAs to add all issued certificates to the

   Logs are network services which implement the protocol operations for
   submissions and queries that are defined in this document.

Working Group Summary

  This is an AD sponsored document. It has been discussed on starting in September 2012. It has undergone
  two IETF last calls, the 2nd due to the authors changing (based
  on LC comments) to request a TLS codepoint that required IETF 
  Review.  There's also a google group list. [1]

  The plan would be to allow some experimentation to happen.


Document Quality

  Google have an implementation. [2] 

  The document was updated on March 20th to -09 but only
  to add some new acknowledgements and a clarification
  about error content.



   Stephen Farrell is the shepherd and AD.

RFC Editor Note