Certificate Transparency - Web security 编辑

Certificate Transparency is an open framework designed to protect against and monitor for certificate misissuances. Newly issued certificates are 'logged' to publicly run CT logs which maintain an append-only, cryptographically assured record of issued TLS certificates.

In this way, certificate authorities (CAs) can be subject to much greater public scrutiny and oversight. Potentially malicious certificates, such as those that violate the CA/B Forum Baseline Requirements, can be detected and revoked much more quickly. Browser vendors are also empowered to make more informed decisions regarding problematic CAs that they may decide to distrust.