Governance, Regulation & Compliance


Education Level: Basic

5217 - Certificate Transparency for a More Resilient Certificate Ecosystem

Tuesday, September 26
1:45 PM - 2:45 PM

Encryption certificates issued to web entities by certificate authorities were designed to protect the exchange of sensitive information against malicious attacks, but vulnerabilities exist in this client-server-CA triad. CAs that issue digital certificates and the certificates themselves are targets for compromise and misuse. A web server that installs a certificate from a compromised CA may itself become compromised. Likewise, browsers must verify the authenticity and trustworthiness of any site visited to defend against further corruption.

Certificate Transparency prescribes a publicly accessible framework where certificates can be monitored and audited. While CT cannot prevent attacks, as more participate in the CT ecosystem, it can help find and expose bad actors more quickly, thus minimizing potential data and financial losses by all parties.

Learning Objectives:

Andrea A. Kunz

Sr. Information Systems Engineer
MITRE Corporation

During her 20 years on active duty in the Air Force, Andrea Kunz was responsible for computer systems software and security. Following retirement in 2003, she worked for Northrup-Grumman/TASC doing computer security architectures and obtained her CISSP credential. Andrea joined MITRE in 2005 as a senior information systems engineer in support of the Air Force Cyber and Crypto Systems Division at Lackland AFB. She has spent the last five years working in the areas of PKI, cloud security and identity and access management.

Last year, Andrea researched and authored a MITRE technical paper titled “Certificate Pinning and Transparency for Resilient Certification Authorities.” Recently, she attended and participated in a workshop to contribute to development of Certificate Transparency policy.


Send Email for Andrea Kunz


5217 - Certificate Transparency for a More Resilient Certificate Ecosystem

Slides Handout

Attendees who have favorited this

Please enter your access key

The asset you are trying to access is locked. Please enter your access key to unlock.

Send Email for Certificate Transparency for a More Resilient Certificate Ecosystem