--- title: "Certificate Transparency does not prevent mistakes" type: report description: "It makes certificate authorities observable. That narrower promise has done more for trust than pretending misissuance can be designed away." published: 2026-07-14 editorialOrder: 20 reviewed: 2026-07-14 author: "Ana" maintainers: ["Ana"] status: historical featured: false homepage: false section: "Infrastructure" draft: false tags: ["certificate-transparency", "pki", "audit", "web"] trustPattern: claim: "Publicly trusted certificate authorities can correctly validate every certificate they issue." trusted: "The web depends on authorities, browser root programmes, domain control checks, logs, monitors, and incident response." failure: "A compromised or mistaken authority can issue a convincing certificate for a domain it does not control." --- The encrypted web relies on certificate authorities. Browsers trust a set of organisations to issue certificates binding domain names to keys. A mistake or compromise at any one of them can create a certificate that looks valid for someone else's site. Certificate Transparency does not solve this by finding a perfect authority. It requires publicly trusted certificates to appear in append-only logs. Domain owners and monitors can inspect the record and detect suspicious issuance. The system changes the trust claim from "authorities do not make mistakes" to "important authority actions leave evidence." ## Auditability is not prevention A logged bad certificate is still bad. Detection must be followed by investigation, revocation and, in serious cases, removal of an authority from browser trust stores. Logs themselves require operators, consistency checks and monitors. But the evidence changes behaviour. Secret misissuance becomes harder. Browser vendors and domain owners gain a shared record. Post-incident arguments begin from an observable event rather than the authority's private database. This is traceability: the ability to connect an actor to an outcome. It is narrower than radical transparency and more operational than a promise of zero failure. Identity and agent systems need similar records. Not public dumps of personal activity, but tamper-evident evidence of issuance, delegation, revocation and rule changes available to the people who must contest them. Trust improves when the system stops claiming infallibility and starts making repair possible. ### Source - [Certificate Transparency Version 2.0, RFC 9162](https://www.rfc-editor.org/rfc/rfc9162)