On December 31, 2014 DigiCert’s Certificate Transparency (CT) log completed Google’s testing period and was approved for inclusion in Chrome.
DigiCert’s log is the first log from a Certificate Authority to be accepted and follows a mandatory monitoring period that began in September 2014. The inclusion of a log requires a high degree of availability and a log unable to meet these requirements is not included in Chrome.
On February 1, Chrome will be updated to include the three logs that have approved: two operated by Google and one operated by DigiCert. Proofs from these logs will be required in all EV certificates in order for the certificates to continue to show the green bar. One-year EV certificates will require proofs from two logs and two-year EV certificates will require proofs from three logs.
In the first phase, these proofs can come from any log regardless of operator. However, starting in July 2015 each proof must come from an independent log.
Though there are an three additional three logs pending inclusion, DigiCert’s is currently the only independent log. Because of this, we have taken extra precautions to ensure that our log is robust enough to handle a large volume of certificates.
The Future of CT
The success of CT depends on the support of many different parties, including multiple independent companies running public CT logs. This allows domain owners and other interested parties to monitor the logs and detect certificates that were either misissued or unauthorized.
DigiCert strongly supports the transparency that Google is promoting and has shown this support by implementing CT in all of our systems. We hope that other companies see our log’s acceptance as a step forward in the widespread adoption of CT and follow our example in creating a CT log.