{"draft":"draft-ietf-trans-rfc6962-bis-42","doc_id":"RFC9162","title":"Certificate Transparency Version 2.0","authors":["B. Laurie","E. Messeri","R. Stradling"],"format":["HTML","TEXT","PDF","XML"],"page_count":"53","pub_status":"EXPERIMENTAL","status":"EXPERIMENTAL","source":"Public Notary Transparency","abstract":"This document describes version 2.0 of the Certificate Transparency\r\n(CT) protocol for publicly logging the existence of Transport Layer\r\nSecurity (TLS) server certificates as they are issued or observed, in\r\na manner that allows anyone to audit certification authority (CA)\r\nactivity and notice the issuance of suspect certificates as well as\r\nto audit the certificate logs themselves. The intent is that\r\neventually clients would refuse to honor certificates that do not\r\nappear in a log, effectively forcing CAs to add all issued\r\ncertificates to the logs.\r\n\r\nThis document obsoletes RFC 6962.  It also specifies a new TLS\r\nextension that is used to send various CT log artifacts.\r\n\r\nLogs are network services that implement the protocol operations for\r\nsubmissions and queries that are defined in this document.","pub_date":"December 2021","keywords":["certificates","pkix","tls","website","webpki","browsers"],"obsoletes":["RFC6962"],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9162","errata_url":null}