Files
trust-issues/src/content/stories/certificate-transparency-does-not-prevent-mistakes.md
T
Compleet 0e7871f395
validate / validate (push) Successful in 22s
Restructure navigation around What's up / Opine and the reader's utilities
- Stories gain a required type (report | essay); all 28 classified per
  the boundary rule now stated in EDITORIAL.md
- Nav: What's up · Opine · Podcast · Book · Guides · Forum, each gated
  on real content (Forum waits on a forumUrl); logo is Home
- /whats-up (reports, newest first) and /opine (essays, editorial order)
  share a StoryArchive component with subject filters
- Static /tags/<tag> pages for subjects carried by 2+ stories; tags stay
  overlapping, never exclusive departments
- /corrections: generated from revision history (commits beginning
  'Correction:'), so the page cannot under-report
- About, RSS, Corrections, Weekly briefing move to the footer

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-14 14:37:44 +01:00

2.5 KiB

title, type, description, published, editorialOrder, reviewed, author, maintainers, status, featured, homepage, section, draft, tags, trustPattern
title type description published editorialOrder reviewed author maintainers status featured homepage section draft tags trustPattern
Certificate Transparency does not prevent mistakes report It makes certificate authorities observable. That narrower promise has done more for trust than pretending misissuance can be designed away. 2026-07-14 20 2026-07-14 Ana
Ana
historical false false Infrastructure false
certificate-transparency
pki
audit
web
claim trusted failure
Publicly trusted certificate authorities can correctly validate every certificate they issue. The web depends on authorities, browser root programmes, domain control checks, logs, monitors, and incident response. A compromised or mistaken authority can issue a convincing certificate for a domain it does not control.

The encrypted web relies on certificate authorities. Browsers trust a set of organisations to issue certificates binding domain names to keys. A mistake or compromise at any one of them can create a certificate that looks valid for someone else's site.

Certificate Transparency does not solve this by finding a perfect authority. It requires publicly trusted certificates to appear in append-only logs. Domain owners and monitors can inspect the record and detect suspicious issuance.

The system changes the trust claim from "authorities do not make mistakes" to "important authority actions leave evidence."

Auditability is not prevention

A logged bad certificate is still bad. Detection must be followed by investigation, revocation and, in serious cases, removal of an authority from browser trust stores. Logs themselves require operators, consistency checks and monitors.

But the evidence changes behaviour. Secret misissuance becomes harder. Browser vendors and domain owners gain a shared record. Post-incident arguments begin from an observable event rather than the authority's private database.

This is traceability: the ability to connect an actor to an outcome. It is narrower than radical transparency and more operational than a promise of zero failure.

Identity and agent systems need similar records. Not public dumps of personal activity, but tamper-evident evidence of issuance, delegation, revocation and rule changes available to the people who must contest them.

Trust improves when the system stops claiming infallibility and starts making repair possible.

Source