Hello!

On Sun, Nov 08, 2015 at 04:16:14PM +0100, Joó Ádám wrote:

> Do we know if there’s any plan to support the signed certificate
> timestamp TLS extension in Nginx? (There’s apparently a third party
> module that implements the functionality:
> https://github.com/grahamedgecombe/nginx-ct)

No plans.

> The TLS extension is the only method to implement Certificate
> Transparency without the assistance of the CA, and starting with
> January 1 2015 Chrome refuses to display the green bar for EV
> certificates without Certificate Transparency.
>
> StartSSL is one CA that currently does not support other methods,
> which means a lot of sites suffers from this.

There are at lease some CAs that provide CT support without a need
to submit a certificate to log servers yourself and use the
signed_certificate_timestamp extension. Given that's all about EV
certs, switching to a different CA is a solution to consider if a
particular CA doesn't support CT.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx