mdounin at mdounin.ru
Mon Nov 9 13:21:34 UTC 2015
On Sun, Nov 08, 2015 at 04:16:14PM +0100, Joó Ádám wrote:
> Do we know if there’s any plan to support the signed certificate
> timestamp TLS extension in Nginx? (There’s apparently a third party
> module that implements the functionality:
> The TLS extension is the only method to implement Certificate
> Transparency without the assistance of the CA, and starting with
> January 1 2015 Chrome refuses to display the green bar for EV
> certificates without Certificate Transparency.
> StartSSL is one CA that currently does not support other methods,
> which means a lot of sites suffer from this.
There are at least some CAs that provide CT support without a need
to submit a certificate to log servers yourself and use the
signed_certificate_timestamp extension. Given that's all about EV
certs, switching to a different CA is a solution to consider if a
particular CA doesn't support CT.