What Is SSL Transparency and How Does It Work for SSL?
Modern cryptography lets web browsers detect SSL certificates that are fake or forged. However, browsers cannot detect some other important problems with SSL certificates; for example, they cannot detect websites that have been issued SSL certificates by mistake. With such certificates, these websites give users the impression that they are visiting authentic and well-reputed websites. SSL transparency was introduced to detect these malicious websites. This article describes the working model of SSL transparency.
Aims of SSL Transparency
The main aim of SSL transparency is to detect certificate-based threats, which helps secure the issuance and existence of SSL certificates. Some essential goals of SSL transparency are explained below:
- A CA cannot issue an SSL certificate to a website whose owner is not visible to us.
- After SSL certificates are issued, it also audits the websites to determine whether the certificates were issued to malicious websites or to authentic ones. For this purpose, it has an open monitoring system.
- After finding malicious websites that have mistakenly been issued SSL certificates, the next step is to protect the users of these websites from attacks by hackers.
All of these goals are achievable only if SSL transparency has adopted an open monitoring system. The main framework of SSL transparency consists of the following three steps:
Certificate Logs
Certificate logs help SSL transparency keep a record of certificates. This record contains only websites that are publicly auditable. Anyone can submit a certificate to the logs, and after the authorities have verified the certificate, the website is considered authentic. For the purpose of cryptographic proof, any website owner can also submit a query to the log. This kind of proof shows the authorities that a particular website is authentic and is behaving properly. While submitting logs, you should make sure that the number of log servers does not exceed one thousand. Moreover, all the log servers should be operated by independent, interested parties such as CAs and ISPs.
Monitors
Authentic monitors also work for SSL transparency. Their main purpose is to contact the log servers on a regular basis and identify websites that are involved in any kind of suspicious activity. If, while monitoring, they find that a specific domain is behaving suspiciously, they review that domain's certificate. If they consider the issue serious, they cancel the domain's certificate. If they consider the issue not serious enough, they give the domain a warning. The alerts from SSL transparency monitors are much like credit card alerts.
Auditors
Along with monitors, there are also auditors working for SSL transparency. Auditors are lightweight software components that perform two specific functions. First, they review the logs. If an auditor detects that a specific log is not working well, it asks the log to provide an explanation. If the log doesn't provide one, it is shut down. Second, they check for a particular certificate in the log. This is considered the most important function of the auditors, because SSL transparency requires that the SSL certificates of all domains be registered in the logs.
If, while auditing, they find that a specific certificate is not registered, they treat the certificate as suspicious and cancel the SSL certificate of that domain. Almost all CAs use these auditors because they are considered the best way to get insight into all the operational activities of a website. Moreover, these certificates also help newly created websites learn whether their websites are legitimate for users or not. With this working model, SSL transparency can exercise better oversight of the entire SSL system.