CT logs for non browser applications

Question

Most what I read on CT logs is about browsers checking the logs for websites. But what about normal applications or updates for operating systems (like apt-get over https, windows/osx updates ...)

Is checking CT logs mandatory for those too? Is it up to the program developer to implement this?

Browsers (and other clients, if implemented) don't check logs; they check the SCT(s) created by the logs and either inserted in the cert by the CA or added as a TLS extension by the server. — dave_thompson_085, Feb 13 '21 at 03:55

score 1 · Answer 1 · answered Feb 12 '21 at 12:17

1

Is it up to the program developer to implement this?

that's correct, it is up to developer to include CT log support in non-browser applications. CT Logs are required by CA/Browser Forum and this covers only web browsers.

answered Feb 12 '21 at 12:17

Crypt32

5,750
12
24

CT logs for non browser applications

1 Answers1