Explore the challenges and impact of Certificate Transparency (CT) deployment in this 21-minute IEEE conference talk. Delve into the adoption rates of CT on the web and analyze error rates experienced by Google Chrome users. Discover how CT, an emerging system for rapid detection of malicious or misissued certificates, has been widely implemented with minimal disruption. Examine the delicate balance between enhancing security and avoiding user frustration when rolling out new requirements. Learn from CT as a case study in deploying ecosystem-wide changes while minimizing end-user impact. Gain insights into the design properties that contributed to CT's success and identify lessons from its risks and pitfalls to inform future large-scale security deployments.
Overview
Syllabus
Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate
Taught by
IEEE Symposium on Security and Privacy