# CT compliance linter

Intended uses:

- Certification Authorities: pre-issuance linting of precertificates and certificates.
- Interested Parties: post-issuance conformance checking.

Features:

- Determines, using crtsh/ctloglists, which CT logs are currently or were once approved under each CT Policy.
- Audits certificates against the requirements of each applicable CT Policy, to ensure that embedded SCT lists contain a sufficient quantity and variety of SCTs from approved CT logs:
  - For Server Authentication Certificates:
    - the Chrome CT Policy
    - the Apple CT Policy
    - the Mozilla CT Policy
  - For Mark Certificates:
    - the CT requirements of the Mark Certificate Guidelines
- For Server Authentication Certificates:
  - Identifies precertificate issuance from a Precertificate Signing CA beyond the sunset date in the TLS BRs.
- Checks that certificates expire within the temporal intervals of the logs that supplied the precertificate SCTs embedded in those certificates.
- Verifies signatures on precertificate SCTs embedded in certificates, using bundled CCADB data to determine each SCT's issuer_key_hash field.
- Validates syntax and usage of RFC 6962 X.509 extensions appearing in certificates and precertificates.
Here are some real-world examples of CT-related mishaps that ctlint can detect:

- Insufficient log operator diversity amongst SCTs embedded in a certificate
- Invalid SCTs returned by a log and then embedded in certificates
- SCTs obtained from logs that are not yet Usable and then embedded in certificates
- SCTs stripped of extensions and then embedded in certificates
- SCT extensions not base64 decoded and then embedded in certificates

ctlint can only audit CT Policy compliance of SCTs embedded in certificates that have not yet expired, because the various log lists do not preserve details of historic log state transitions that may be relevant.
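The following is an added example, not ctlint's own code, showing the shape of two of the checks listed above (the temporal-interval check and the "not yet Usable" / operator-diversity checks) on top of a parser for the RFC 6962 SignedCertificateTimestampList that certificates embed. The log list, log IDs, operator names, dates and the function names (`ParseSCTList`, `AuditSCTs`, `SampleAudit`) are all constructed for illustration; real runs take log state from a policy's log list, and the SCT signatures here are placeholders that are parsed but not verified.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// SCT holds the RFC 6962 SignedCertificateTimestamp fields the audit uses.
// The signature is kept opaque: verifying it needs the log's public key and
// the issuer key hash, which this example does not model.
type SCT struct {
	LogID      [32]byte
	Timestamp  time.Time
	Extensions []byte
	Signature  []byte // hash_alg(1) sig_alg(1) signature<0..2^16-1>
}

// ParseSCTList decodes a SignedCertificateTimestampList (RFC 6962 s3.3): the
// OCTET STRING payload of the 1.3.6.1.4.1.11129.2.4.2 extension.
func ParseSCTList(b []byte) ([]SCT, error) {
	if len(b) < 2 || int(binary.BigEndian.Uint16(b)) != len(b)-2 {
		return nil, errors.New("sct list: bad outer length")
	}
	var out []SCT
	b = b[2:]
	for len(b) > 0 {
		if len(b) < 2 || int(binary.BigEndian.Uint16(b)) > len(b)-2 {
			return nil, errors.New("sct list: item length overruns list")
		}
		n := int(binary.BigEndian.Uint16(b))
		sct, err := parseSCT(b[2 : 2+n])
		if err != nil {
			return nil, err
		}
		out = append(out, sct)
		b = b[2+n:]
	}
	return out, nil
}

// parseSCT decodes one v1 SCT: version(1) log_id(32) timestamp_ms(8)
// extensions<0..2^16-1> hash_alg(1) sig_alg(1) signature<0..2^16-1>.
func parseSCT(b []byte) (SCT, error) {
	var s SCT
	if len(b) < 43 || b[0] != 0 {
		return s, errors.New("sct: truncated or not version v1")
	}
	copy(s.LogID[:], b[1:33])
	s.Timestamp = time.UnixMilli(int64(binary.BigEndian.Uint64(b[33:41]))).UTC()
	n := int(binary.BigEndian.Uint16(b[41:43]))
	if len(b) < 43+n+4 {
		return s, errors.New("sct: truncated extensions")
	}
	s.Extensions, s.Signature = b[43:43+n], b[43+n:]
	if int(binary.BigEndian.Uint16(s.Signature[2:4])) != len(s.Signature)-4 {
		return s, errors.New("sct: bad signature length")
	}
	return s, nil
}

// LogInfo is the per-log state the audit needs (constructed here by hand).
type LogInfo struct {
	Operator   string
	UsableFrom time.Time // when the log entered the Usable state
	Start, End time.Time // temporal interval: accepts notAfter in [Start, End)
}

// AuditSCTs returns one finding per problem in an embedded SCT list, given
// the certificate's notAfter and the policy's operator-diversity floor.
func AuditSCTs(scts []SCT, logs map[[32]byte]LogInfo, notAfter time.Time, minOperators int) []string {
	var findings []string
	ops := map[string]bool{}
	for i, s := range scts {
		l, ok := logs[s.LogID]
		switch {
		case !ok:
			findings = append(findings, fmt.Sprintf("sct[%d]: log %x... is not in the log list", i, s.LogID[:4]))
		case s.Timestamp.Before(l.UsableFrom):
			findings = append(findings, fmt.Sprintf("sct[%d]: timestamp %s precedes the log's Usable date %s", i, s.Timestamp.Format("2006-01-02"), l.UsableFrom.Format("2006-01-02")))
		case notAfter.Before(l.Start) || !notAfter.Before(l.End):
			findings = append(findings, fmt.Sprintf("sct[%d]: notAfter %s is outside the log's temporal interval", i, notAfter.Format("2006-01-02")))
		default:
			ops[l.Operator] = true // only SCTs that pass the checks above count
		}
	}
	if len(ops) < minOperators {
		findings = append(findings, fmt.Sprintf("%d distinct log operator(s) among qualifying SCTs, policy requires %d", len(ops), minOperators))
	}
	return findings
}

// encodeSCT builds a v1 SCT with a placeholder 2-byte signature; it exists only
// to construct sample input and is not a real signing routine.
func encodeSCT(logID [32]byte, ts time.Time, ext []byte) []byte {
	b := append([]byte{0}, logID[:]...)
	b = binary.BigEndian.AppendUint64(b, uint64(ts.UnixMilli()))
	b = binary.BigEndian.AppendUint16(b, uint16(len(ext)))
	b = append(b, ext...)
	return append(b, 4, 3, 0, 2, 0xAA, 0xBB) // sha256, ecdsa, len=2, placeholder
}

// SampleAudit runs the checks over a constructed SCT list for a certificate
// expiring 2025-06-01. Expect three findings: sct[1] predates its log's Usable
// date, sct[2] comes from an unlisted log, and only one operator remains.
func SampleAudit() []string {
	day := func(s string) time.Time { t, _ := time.Parse("2006-01-02", s); return t }
	logA, logB, logC := [32]byte{0xA1}, [32]byte{0xB2}, [32]byte{0xC3}
	logs := map[[32]byte]LogInfo{ // constructed: both listed logs share an operator
		logA: {"Operator One", day("2024-01-01"), day("2025-01-01"), day("2026-01-01")},
		logB: {"Operator One", day("2024-06-01"), day("2025-01-01"), day("2026-01-01")},
	}
	var list []byte
	for _, s := range [][]byte{
		encodeSCT(logA, day("2025-02-01"), nil),
		encodeSCT(logB, day("2024-03-01"), nil), // before logB became Usable
		encodeSCT(logC, day("2025-02-01"), nil), // logC is not in the log list
	} {
		list = append(binary.BigEndian.AppendUint16(list, uint16(len(s))), s...)
	}
	list = append(binary.BigEndian.AppendUint16(nil, uint16(len(list))), list...)
	scts, err := ParseSCTList(list)
	if err != nil {
		return []string{"parse error: " + err.Error()}
	}
	return AuditSCTs(scts, logs, day("2025-06-01"), 2)
}

func main() {
	for _, f := range SampleAudit() {
		fmt.Println(f)
	}
}
```

Note that an SCT from a log that was not yet Usable at the SCT's timestamp is excluded before operators are counted, so one such SCT can turn an otherwise compliant list into an operator-diversity failure; that is why the two mishaps are listed separately above but surface together in practice. The parser also rejects truncated lists and bad inner lengths rather than silently accepting them, which is what catches the malformed-SCT cases.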