Aggregation-Based Gossip for Certificate Transparency

Certificate Transparency (CT) is a project that mandates public logging of TLS certificates issued by certificate authorities. While a CT log is designed to be trustless, it relies on the assumption that every client sees and cryptographically verifies the same log. The solution to this problem is a gossip mechanism that ensures that clients share the same view of the logs. Despite CT being added to Google Chrome, no gossip mechanism is pending wide deployment. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating at packet processors and periodically verifying log consistency off-path. Based on 20 days of RIPE Atlas measurements that represents clients from 3500 autonomous systems and 40% of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against undetected log misbehavior. We also discuss how to instantiate aggregation-based gossip on a variety of packet processors, and show that our P4 and XDP proof-of-concepts implementations run at line-speed.