Slashdot Mirror


The Dark Side of Certificate Transparency (sans.edu)

Slashdot reader UnderAttack writes: Certificate Transparency is a system promoted by companies like Google that requires certificate authorities to publish a log of all certificates issued. With certificate transparency, you can search these logs for any of the domains you own, to find unauthorized certificates. However, certificates are not only used for public sites. And with all certificates being published, some include host names that are not meant to be publicly known. An update of the standard is in the works to allow entities to obfuscate the host name, but until then, certificate transparency logs are a good recognizance source.

3 of 62 comments

  1. Stupid by Anonymous Coward · Score: 2, Informative

    This is stupid. Transparency is good. Don't rely on security through obscurity. If that's your method to keep secrets, you deserve what you get. There's no legitimate reason why you should have a secret hostname that's not otherwise secured, if you don't want people accessing it.

  2. Re:solving the wrong problem by lkcl · Score: 3, Informative

    huh. like this. how about that - someone's already done it. https://github.com/okTurtles/d...

  3. Security through obscurity of internal domain name? by Wrath0fb0b · Score: 4, Informative

    Seriously, does this bozo think that there is any security benefit if an attacker doesn't know your internal domain names? What in the world does that buy?

    PS. Editors: reconnaissance != recognizance. Holy hell what a train wreck.