Certificate Transparency (RFC 6962) is a protocol that aims to provide additional security to the WebPKI ecosystem, which is used as the root of trust in TLS connections of the browsers. The idea is that issued certificates must be logged in auditable certificate transparency logs, in order to be considered valid by the browser. This gives transparency into the operation of Certificate Authorities (CAs).

This talk revisits the evolution of the Certificate Transparency (CT) protocol, beginning with a brief recap of the problem that motivated its design and the rollout of the protocol over the last decade.

Then, I will examine the state of the ecosystem as it is today, including browser enforcement policies and current log operators, as well as recent developments such as the static CT API rollout.

I'll highlight some of the remaining issues in the security of the protocol, such as issues with log list management and the lack of progress on gossip.

Finally, I'll introduce (and depending on the state of progress also demonstrate) luCT, a project I am working on, which attempts to tackle some of these issues in the CT ecosystem before closing with an outlook into the future of the ecosystem and a call to action.