SlideShare a Scribd company logo

Balancing Customer Privacy with Transparency

Download as PPTX, PDF
P
pzb

Slides based on a presentation at Meeting 39 of the CA/Browser Forum

Technology
1 of 8
Balancing Customer Privacy with Transparency
Certificate Transparency: RFC 6962 The CT log (public database) contains either a copy of the full certificate or a “pre-certificate” which contains all the elements of the certificate except embedded CT information.
Client support • Mozilla Firefox – 2017 • Apple – iOS 10 and macOS Sierra allows applications to require CT • Chrome – EV since 2015, all new certs starting Oct 2017 • OpenSSL 1.0.2 (no validation, just parsing) Mozilla and Apple have not yet published information on which logs they trust or policy on accepting logs
Information Disclosure • Fully Qualified Domain Names • secret.projects.example.com • Subject Attributes • Individual names • Addresses • Company affiliation • Association with CA • Corporate CA issuing any kind of certificate for a domain may be informative (metadata FTW)
RFC 6962-bis (bis is French for again or encore) Calls out two options for privacy 1. Use wildcards (allows privacy for left most label) 2. Use Name Constrained subordinate CAs Separate Draft proposes a third option 3. Pre-certificates with some subject information omitted Choosing a certificate profile with less subject information is also an option.
Use cases for privacy • Binding of domain name to corporate entity (domain name uses proxy registration) • PII in certain certificate types (Qualified?) • Overly descriptive labels in FQDNs (provides a blueprint of network topology) • Disclosure of confidential projects (e.g. newthing.example.com or fordacquisition.gm.com) – may become public at a future point
Technical Implementations of DNS Privacy • Private DNS subtree (e.g. corp.example.com subtree is permanently private) • Split Horizon DNS (e.g. two copies of the DNS zone) • DNSSEC added NSEC3 to avoid disclosure of record names to address similar concerns
IETF Public Notary Transparency (“trans”) WG https://datatracker.ietf.org/wg/trans/charter/ https://www.ietf.org/mailman/listinfo/trans

Recommended

Red Office Documents Security Proposal
Red Office Documents Security ProposalRed Office Documents Security Proposal
Red Office Documents Security ProposalZhi Guan
 
Andres
AndresAndres
AndresKATEKO1208
 
02 - Blockchain Technology - Blockchain Security
02 - Blockchain Technology - Blockchain Security02 - Blockchain Technology - Blockchain Security
02 - Blockchain Technology - Blockchain SecurityITROOS
 
01 - Blockchain technology - Basics
01 - Blockchain technology - Basics01 - Blockchain technology - Basics
01 - Blockchain technology - BasicsITROOS
 
Ch32
Ch32Ch32
Ch32bitistu
 
Magento 2 Seminar - Andra Lungu - API in Magento 2
Magento 2 Seminar - Andra Lungu - API in Magento 2Magento 2 Seminar - Andra Lungu - API in Magento 2
Magento 2 Seminar - Andra Lungu - API in Magento 2Yireo
 
HTTP OW 3000 mVt(3Vt) zelenaya lazernaya ukazka vodozashchishchennaya portati...
HTTP OW 3000 mVt(3Vt) zelenaya lazernaya ukazka vodozashchishchennaya portati...HTTP OW 3000 mVt(3Vt) zelenaya lazernaya ukazka vodozashchishchennaya portati...
HTTP OW 3000 mVt(3Vt) zelenaya lazernaya ukazka vodozashchishchennaya portati...HTPOWLASER.RU
 
Plan anual de trabajo
Plan anual de trabajoPlan anual de trabajo
Plan anual de trabajotelesecundaria0422q
 

Recommended

Red Office Documents Security Proposal
Red Office Documents Security ProposalRed Office Documents Security Proposal
Red Office Documents Security ProposalZhi Guan
 
Andres
AndresAndres
AndresKATEKO1208
 
02 - Blockchain Technology - Blockchain Security
02 - Blockchain Technology - Blockchain Security02 - Blockchain Technology - Blockchain Security
02 - Blockchain Technology - Blockchain SecurityITROOS
 
01 - Blockchain technology - Basics
01 - Blockchain technology - Basics01 - Blockchain technology - Basics
01 - Blockchain technology - BasicsITROOS
 
Ch32
Ch32Ch32
Ch32bitistu
 
Magento 2 Seminar - Andra Lungu - API in Magento 2
Magento 2 Seminar - Andra Lungu - API in Magento 2Magento 2 Seminar - Andra Lungu - API in Magento 2
Magento 2 Seminar - Andra Lungu - API in Magento 2Yireo
 
HTTP OW 3000 mVt(3Vt) zelenaya lazernaya ukazka vodozashchishchennaya portati...
HTTP OW 3000 mVt(3Vt) zelenaya lazernaya ukazka vodozashchishchennaya portati...HTTP OW 3000 mVt(3Vt) zelenaya lazernaya ukazka vodozashchishchennaya portati...
HTTP OW 3000 mVt(3Vt) zelenaya lazernaya ukazka vodozashchishchennaya portati...HTPOWLASER.RU
 
Plan anual de trabajo
Plan anual de trabajoPlan anual de trabajo
Plan anual de trabajotelesecundaria0422q
 
Fall 2016 State of the Arts NYC Newsletter
Fall 2016 State of the Arts NYC NewsletterFall 2016 State of the Arts NYC Newsletter
Fall 2016 State of the Arts NYC NewsletterWest Harlem Art Fund
 
spring bed double
spring bed doublespring bed double
spring bed doublebagus springbed
 
Flyinbuy español jose luis jimenez moreno
Flyinbuy español jose luis jimenez morenoFlyinbuy español jose luis jimenez moreno
Flyinbuy español jose luis jimenez morenoJose-Luis Jimenez-Moreno
 
Sistema endocrino
Sistema endocrinoSistema endocrino
Sistema endocrinoMiriam Sotelo
 
Gasto cardiaco
Gasto cardiacoGasto cardiaco
Gasto cardiacoMiriam Sotelo
 
Feminicidio
FeminicidioFeminicidio
Feminicidioscarleth_12
 
Circulación
CirculaciónCirculación
CirculaciónMiriam Sotelo
 
AFINTINNI's R.resume
AFINTINNI's R.resume AFINTINNI's R.resume
AFINTINNI's R.resume Tobi Davids. A
 
La Isla de los Caimanes
La Isla de los CaimanesLa Isla de los Caimanes
La Isla de los Caimanestifgarcia
 
Colores de la carta
Colores de la cartaColores de la carta
Colores de la cartaScratsh Sama
 
Exposicion planetas de ondas circulares
Exposicion planetas de ondas circularesExposicion planetas de ondas circulares
Exposicion planetas de ondas circulareswilmersabalatorrealba
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
ITE v5.0 - Chapter 6
ITE v5.0 - Chapter 6ITE v5.0 - Chapter 6
ITE v5.0 - Chapter 6Irsandi Hasan
 
Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10Hamza Malik
 
Parallel and distributed computing .pptx
Parallel and distributed computing .pptxParallel and distributed computing .pptx
Parallel and distributed computing .pptxAmnaNadeem27
 
Chapter 10 - Application Layer
Chapter 10 - Application LayerChapter 10 - Application Layer
Chapter 10 - Application LayerYaser Rahmati
 
CCNAv5 - S1: Chapter 10 Application Layer
CCNAv5 - S1: Chapter 10 Application LayerCCNAv5 - S1: Chapter 10 Application Layer
CCNAv5 - S1: Chapter 10 Application LayerVuz Dở Hơi
 
Chapter 10 : Application layer
Chapter 10 : Application layerChapter 10 : Application layer
Chapter 10 : Application layerteknetir
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10Infinity Tech Solutions
 
unit6.ppt
unit6.pptunit6.ppt
unit6.pptSrinivas Devulapalli
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 
Oci meetup v1
Oci meetup v1Oci meetup v1
Oci meetup v1RaphaelCampelo
 

More Related Content

Viewers also liked

Fall 2016 State of the Arts NYC Newsletter
Fall 2016 State of the Arts NYC NewsletterFall 2016 State of the Arts NYC Newsletter
Fall 2016 State of the Arts NYC NewsletterWest Harlem Art Fund
 
Flyinbuy español jose luis jimenez moreno
Flyinbuy español jose luis jimenez morenoFlyinbuy español jose luis jimenez moreno
Flyinbuy español jose luis jimenez morenoJose-Luis Jimenez-Moreno
 
La Isla de los Caimanes
La Isla de los CaimanesLa Isla de los Caimanes
La Isla de los Caimanestifgarcia
 
Colores de la carta
Colores de la cartaColores de la carta
Colores de la cartaScratsh Sama
 
Exposicion planetas de ondas circulares
Exposicion planetas de ondas circularesExposicion planetas de ondas circulares
Exposicion planetas de ondas circulareswilmersabalatorrealba
 

Viewers also liked (11)

Fall 2016 State of the Arts NYC Newsletter
Fall 2016 State of the Arts NYC NewsletterFall 2016 State of the Arts NYC Newsletter
Fall 2016 State of the Arts NYC Newsletter
 
spring bed double
spring bed doublespring bed double
spring bed double
 
Flyinbuy español jose luis jimenez moreno
Flyinbuy español jose luis jimenez morenoFlyinbuy español jose luis jimenez moreno
Flyinbuy español jose luis jimenez moreno
 
Sistema endocrino
Sistema endocrinoSistema endocrino
Sistema endocrino
 
Gasto cardiaco
Gasto cardiacoGasto cardiaco
Gasto cardiaco
 
Feminicidio
FeminicidioFeminicidio
Feminicidio
 
Circulación
CirculaciónCirculación
Circulación
 
AFINTINNI's R.resume
AFINTINNI's R.resume AFINTINNI's R.resume
AFINTINNI's R.resume
 
La Isla de los Caimanes
La Isla de los CaimanesLa Isla de los Caimanes
La Isla de los Caimanes
 
Colores de la carta
Colores de la cartaColores de la carta
Colores de la carta
 
Exposicion planetas de ondas circulares
Exposicion planetas de ondas circularesExposicion planetas de ondas circulares
Exposicion planetas de ondas circulares
 

Similar to Balancing Customer Privacy with Transparency

E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
ITE v5.0 - Chapter 6
ITE v5.0 - Chapter 6ITE v5.0 - Chapter 6
ITE v5.0 - Chapter 6Irsandi Hasan
 
Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10Hamza Malik
 
Parallel and distributed computing .pptx
Parallel and distributed computing .pptxParallel and distributed computing .pptx
Parallel and distributed computing .pptxAmnaNadeem27
 
Chapter 10 - Application Layer
Chapter 10 - Application LayerChapter 10 - Application Layer
Chapter 10 - Application LayerYaser Rahmati
 
CCNAv5 - S1: Chapter 10 Application Layer
CCNAv5 - S1: Chapter 10 Application LayerCCNAv5 - S1: Chapter 10 Application Layer
CCNAv5 - S1: Chapter 10 Application LayerVuz Dở Hơi
 
Chapter 10 : Application layer
Chapter 10 : Application layerChapter 10 : Application layer
Chapter 10 : Application layerteknetir
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 
Oracle Cloud Infraestructure Update
Oracle Cloud Infraestructure UpdateOracle Cloud Infraestructure Update
Oracle Cloud Infraestructure UpdateRaphaelCampelo
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyMike Schwartz
 
Lecture Notes- Network Services - Copy.pptx
Lecture Notes- Network Services - Copy.pptxLecture Notes- Network Services - Copy.pptx
Lecture Notes- Network Services - Copy.pptxSaqibAhmedKhan4
 
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Positive Hack Days
 
Storage Made Easy - File Fabric Use Cases
Storage Made Easy - File Fabric Use CasesStorage Made Easy - File Fabric Use Cases
Storage Made Easy - File Fabric Use CasesHybrid Cloud
 
aMS Aachen -Personal and confidential data - how to manage them in M365 2022-...
aMS Aachen -Personal and confidential data - how to manage them in M365 2022-...aMS Aachen -Personal and confidential data - how to manage them in M365 2022-...
aMS Aachen -Personal and confidential data - how to manage them in M365 2022-...Sébastien Paulet
 
Tips To Implementing Multiple Cloud Storage APIs
Tips To Implementing Multiple Cloud Storage APIsTips To Implementing Multiple Cloud Storage APIs
Tips To Implementing Multiple Cloud Storage APIsSNIACloud
 
CCNA RS_NB - Chapter 3
CCNA RS_NB - Chapter 3CCNA RS_NB - Chapter 3
CCNA RS_NB - Chapter 3Irsandi Hasan
 

Similar to Balancing Customer Privacy with Transparency (20)

E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
ITE v5.0 - Chapter 6
ITE v5.0 - Chapter 6ITE v5.0 - Chapter 6
ITE v5.0 - Chapter 6
 
Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10Ccna v5-S1-Chapter 10
Ccna v5-S1-Chapter 10
 
Parallel and distributed computing .pptx
Parallel and distributed computing .pptxParallel and distributed computing .pptx
Parallel and distributed computing .pptx
 
Chapter 10 - Application Layer
Chapter 10 - Application LayerChapter 10 - Application Layer
Chapter 10 - Application Layer
 
CCNAv5 - S1: Chapter 10 Application Layer
CCNAv5 - S1: Chapter 10 Application LayerCCNAv5 - S1: Chapter 10 Application Layer
CCNAv5 - S1: Chapter 10 Application Layer
 
Chapter 10 : Application layer
Chapter 10 : Application layerChapter 10 : Application layer
Chapter 10 : Application layer
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10
 
unit6.ppt
unit6.pptunit6.ppt
unit6.ppt
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit v
 
Oci meetup v1
Oci meetup v1Oci meetup v1
Oci meetup v1
 
Oracle Cloud Infraestructure Update
Oracle Cloud Infraestructure UpdateOracle Cloud Infraestructure Update
Oracle Cloud Infraestructure Update
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
 
Lecture Notes- Network Services - Copy.pptx
Lecture Notes- Network Services - Copy.pptxLecture Notes- Network Services - Copy.pptx
Lecture Notes- Network Services - Copy.pptx
 
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
 
Lec 8.pptx.pdf
Lec 8.pptx.pdfLec 8.pptx.pdf
Lec 8.pptx.pdf
 
Storage Made Easy - File Fabric Use Cases
Storage Made Easy - File Fabric Use CasesStorage Made Easy - File Fabric Use Cases
Storage Made Easy - File Fabric Use Cases
 
aMS Aachen -Personal and confidential data - how to manage them in M365 2022-...
aMS Aachen -Personal and confidential data - how to manage them in M365 2022-...aMS Aachen -Personal and confidential data - how to manage them in M365 2022-...
aMS Aachen -Personal and confidential data - how to manage them in M365 2022-...
 
Tips To Implementing Multiple Cloud Storage APIs
Tips To Implementing Multiple Cloud Storage APIsTips To Implementing Multiple Cloud Storage APIs
Tips To Implementing Multiple Cloud Storage APIs
 
CCNA RS_NB - Chapter 3
CCNA RS_NB - Chapter 3CCNA RS_NB - Chapter 3
CCNA RS_NB - Chapter 3
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Balancing Customer Privacy with Transparency

  • 2. Certificate Transparency: RFC 6962 The CT log (public database) contains either a copy of the full certificate or a “pre-certificate” which contains all the elements of the certificate except embedded CT information.
  • 3. Client support • Mozilla Firefox – 2017 • Apple – iOS 10 and macOS Sierra allows applications to require CT • Chrome – EV since 2015, all new certs starting Oct 2017 • OpenSSL 1.0.2 (no validation, just parsing) Mozilla and Apple have not yet published information on which logs they trust or policy on accepting logs
  • 4. Information Disclosure • Fully Qualified Domain Names • secret.projects.example.com • Subject Attributes • Individual names • Addresses • Company affiliation • Association with CA • Corporate CA issuing any kind of certificate for a domain may be informative (metadata FTW)
  • 5. RFC 6962-bis (bis is French for again or encore) Calls out two options for privacy 1. Use wildcards (allows privacy for left most label) 2. Use Name Constrained subordinate CAs Separate Draft proposes a third option 3. Pre-certificates with some subject information omitted Choosing a certificate profile with less subject information is also an option.
  • 6. Use cases for privacy • Binding of domain name to corporate entity (domain name uses proxy registration) • PII in certain certificate types (Qualified?) • Overly descriptive labels in FQDNs (provides a blueprint of network topology) • Disclosure of confidential projects (e.g. newthing.example.com or fordacquisition.gm.com) – may become public at a future point
  • 7. Technical Implementations of DNS Privacy • Private DNS subtree (e.g. corp.example.com subtree is permanently private) • Split Horizon DNS (e.g. two copies of the DNS zone) • DNSSEC added NSEC3 to avoid disclosure of record names to address similar concerns
  • 8. IETF Public Notary Transparency (“trans”) WG https://datatracker.ietf.org/wg/trans/charter/ https://www.ietf.org/mailman/listinfo/trans