Preparing for Chrome’s Certificate Transparency Policy: Expect-CT With Reporting in ASP.NET Core

Preparing for Chrome’s Certificate Transparency Policy: Expect-CT With Reporting in ASP.NET Core

http://ift.tt/2qQQGl7

Google’s Certificate Transparency project is an open framework for monitoring and auditing SSL certificates. The goal of the project is the detection of mis-issued/malicious certificates and the identification of rogue Certificate Authorities. In October 2016, Google announced that Chrome will require compliance with Certificate Transparency. The date for enforcing this requirement was initially set to October 2017 and was later changed to April 2018.

Back in December 2016, the draft of Expect-CT Extension for HTTP has been submitted and quickly followed by a call for adoption. The draft introduces the Expect-CT response header which will allow hosts to either test or enforce the Certificate Transparency policy. The draft has been adopted and is currently in IETF stream, while the header support is already in development for Chrome (the Security Engineering team at Mozilla has also expressed interest in providing this type of support in Firefox in 2017).

java

via DZone.com Feed https://dzone.com

May 23, 2017 at 07:39AM

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s