Cats in My Certificate Transparency Logs

Security BSides San Francisco via YouTube

Overview

Explore the world of Certificate Transparency (CT) logs in this 33-minute conference talk from BSidesSF 2019. Dive deep into the mechanics of CT logs, their role in web security, and their potential for misuse. Learn how these append-only logs bring auditability and accountability to the public web certificate ecosystem. Discover the importance of CT logging in modern browsers like Chrome and its impact on the web's ecosystem. Investigate novel and potentially nefarious uses of CT logs, including their unexpected role as a repository for cat pictures. Gain insights into the structure of CT logs, Signed Certificate Timestamps (SCTs), and how they can be exploited. Through examples and demonstrations, understand concepts like public keys, persistent data storage, chunking, and cataloging in the context of CT logs. Conclude with a discussion on entropy, multi-domain certificates, and final thoughts on the implications of this technology for internet security and unexpected uses.

Syllabus

Intro
Alice and Bob
Certificate Authorities
Cats
Certificate Transparency
What is a CT Log
How does a CT Log protect us
What is an SCT
How SCT logs can be abused
Public keys
Persistent data storage
Example
Chunking
Catalog
Demo
Who is this person
Summary
Entropy
Google.com
Multidomain ProPer
Wrap Up
Final Thoughts
Outro

Taught by

Security BSides San Francisco
