Certificate Transparency is a system for detecting misissuance of X.509 certificates ("SSL certs"). It uses a public, non-trusted, append-only log together with monitors and auditors of said log to store and publish all issued certificates. The log is used to make it possible for domain owners to keep an eye on certificates claiming to bind their domain name to a public key.
There are numerous uses for public, non-trusted, append-only logs! How many are there?
Certificate Transparency
- https://tools.ietf.org/html/rfc6962
- http://www.certificate-transparency.org/
DNSSEC Transparency
Tor Consensus Transparency
- https://gitweb.torproject.org/user/linus/torspec.git/blob_plain/refs/heads/tct:/proposals/ideas/xxx-tor-consensus-transparency.txt
Binary Transparency
Including JavaScript.
Revocation Transparency
- https://www.links.org/files/RevocationTransparency.pdf
More ideas
Access logs related to data retention
When did authorities access data stored due to data retention? Were they allowed to access the data at that point in time? If not properly recorded, should any data claimed to have been gathered due to data retention be admissible?
Think "making parallel construction harder".
Records of access to sensitive data
According to "Patientdatalagen" (~the patient data protection act) in Sweden, patients have the right to see when their medical records were accessed. Log all access, use transparency logs to replace the current centralised logging system, empower patients to challenge hospitals to account for all their access to patient data.
Provenance
In any system that supports generating provenance, use transparency logs to store the provenance. This may include issuance of e.g. driver licenses, grades, house ownership, taxes, processes in e.g. banking where you apply for a loan.
Syslog
Write a syslog pipe to transparency logs: now you just made all your logging data tamper-evident?
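A sketch of what makes such a log tamper-evident, as an added example (not code from this page or from any project it links to): syslog lines become leaves of the Merkle tree defined in RFC 6962, and an auditor who holds only the published root can check that a given line is in the log. The function names and the log lines are constructed for illustration; the verification loop follows the iterative check described in RFC 9162, the successor to RFC 6962.

```python
import hashlib

# Constructed sample syslog lines (not real log data).
LOG = [b"<38>Jan  1 00:00:01 host sshd[101]: Accepted publickey for alice",
       b"<38>Jan  1 00:00:05 host sudo: alice : COMMAND=/bin/ls",
       b"<38>Jan  1 00:00:09 host sshd[101]: session closed for alice",
       b"<86>Jan  1 00:01:00 host cron[202]: (root) CMD (run-parts)",
       b"<38>Jan  1 00:02:00 host sshd[303]: Failed password for root"]

def leaf_hash(entry):                      # RFC 6962: SHA-256(0x00 || entry)
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left, right):                # RFC 6962: SHA-256(0x01 || l || r)
    return hashlib.sha256(b"\x01" + left + right).digest()

def split(n):                              # largest power of two < n
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_root(entries):
    if len(entries) <= 1:
        return leaf_hash(entries[0]) if entries else hashlib.sha256(b"").digest()
    k = split(len(entries))
    return node_hash(tree_root(entries[:k]), tree_root(entries[k:]))

def audit_path(i, entries):                # sibling hashes from leaf i to root
    if len(entries) == 1:
        return []
    k = split(len(entries))
    if i < k:
        return audit_path(i, entries[:k]) + [tree_root(entries[k:])]
    return audit_path(i - k, entries[k:]) + [tree_root(entries[:k])]

def verify_inclusion(entry, i, size, path, root):
    # Auditor side: needs only the entry, its index, the tree size and root.
    if i >= size:
        return False
    fn, sn, r = i, size - 1, leaf_hash(entry)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while fn and not fn & 1:       # skip levels with no right sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root
```

Changing any byte of a logged line changes the root, so a log operator cannot rewrite history without the published root no longer matching.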
BAT -- BGP announcement transparency
or "BUT -- BGP update transparency"
Embargoed mailing lists
Solar Designer's idea from CII 2015
Timestamping service
IETF documents
in-notes and Internet-Drafts