Sunlight, a Certificate Transparency log implementation

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
certificate-transparency Tlog

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • sunlight

    A Certificate Transparency log implementation and monitoring API designed for scalability, ease of operation, and reduced cost.

    • This is one of the projects I've been most excited about in the last few years. It let me backport to Certificate Transparency a lot of the modern transparency logging designs that came after it.

    Beyond the Let's Encrypt announcement and the ct-policy thread (which includes a technical and advantages summary), here are a few resources that might be interesting.

    - Design document https://filippo.io/a-different-CT-log

    - Implementation https://github.com/FiloSottile/sunlight

    - API specification https://c2sp.org/sunlight

    - Website, including test logs and feedback channels https://sunlight.dev/

    If you’re thinking “oh we could use something similar” please reach out! Sunlight is retrofitting some of the modern tlog designs on a legacy system. With a greenfield deployment you can do even better! I’m working with the Sigsum project on specs, tooling, and a support ecosystem to make deploying tlogs easier and safer.

  • sigsum

    Mirror only. Official repository is at https://git.glasklar.is/sigsum/project/documentation

    • Exactly! It's a growing ecosystem including things like https://transparency.dev, the Go Checksum Database, https://www.sigsum.org, SigStore, and even key transparency solutions like WhatsApp's.

    One thing you end up needing to deploy tlogs is a way to reassure clients the tree is not forked, and for that you mostly need witness cosigning, where a quorum of third parties attest that a signed tree head is consistent with all the other ones they've seen. I've worked with the Sigsum project and the Google TrustFabric team on an interoperable specification for witnessing (which Sunlight interoperates with), and I am now working to develop a public, reliable ecosystem of witnesses.

    Once you have witnessing, running a log can be as easy as hosting a few files in a GitHub repo or S3 bucket, updated with a batch script. I am very excited to make it possible for any project to get better-than-CT accountability for ~free.

    (You might want to catch my RWC 2024 talk about this once it comes out!)

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • C2SP

    Community Cryptography Specification Project

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts