Certification Authorities are publicly trusted entities that are authorized by application software providers to issue digital certificates for use in conducting secured transactions. The Internet's security relies heavily on the proper and secure operation of these entities. A single mis-issued certificate can cause mistrust in the entire Internet infrastructure and result in a decrease in online transactions. For example, a bad actor obtaining a certificate with an unverified domain name can perform a man-in-the-middle attack to steal credit card data. If the certificate lacks revocation information, the certificate becomes a permanent fixture on the Internet and cannot be deactivated if the certificate is misused.
Certificate Authorities (CAs) protect digital certificate creation systems by keeping their internal CA systems and processes confidential and secret. Unfortunately, this lack of public scrutiny makes detection of problematic certificate issuance very difficult. A CA may issue certificates without appropriate fields by mistake, through the ignorance of a well-intentioned customer representative, or through the actions of a rogue developer. Any mis-issued certificate may remain undetected for a long period of time, giving attackers repeated opportunities to abuse the CA's mistake.
To prevent these problems, the industry needs a system to check and verify the certificate's issuance and contents. The industry needs a safeguard that prevents mistakes from occurring, that promptly detects mis-issued certificates, and that can determine when problems result from a malicious actor instead of an innocent mistake.