
Certificate transparency in Chrome: what does it mean for EV trust?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8688
Topic starter  

TL;DR: Google approved a certificate transparency log for inclusion in Chrome after its testing period, setting new proof requirements for EV certificates and highlighting the need for independent log coverage and high availability, according to DigiCert. For identity teams, the signal is that trust now depends on verifiable ecosystem controls, not certificate issuance alone.

NHIMG editorial — based on content published by DigiCert: DigiCert’s Certificate Transparency Log Approved


Questions worth separating out

Q: How should teams govern certificate trust when browser acceptance depends on external proofs?

A: Teams should treat certificate trust as a governed lifecycle, not a single issuance event.

Q: Why does certificate transparency matter to identity governance programmes?

A: Certificate transparency matters because it shows that machine trust can depend on verifiable public evidence rather than internal assurance alone.

Q: What breaks when certificate logs are not independently operated or highly available?

A: When logs are not independent or reliable, the trust model can no longer prove that issuance was recorded and observable outside the issuer’s own domain.

Practitioner guidance

  • Map certificate assurance to the full lifecycle: Inventory where issuance, log submission, monitoring, renewal, and revocation occur, then assign ownership for each step.
  • Validate independent proof sources: Check whether your trust model depends on evidence that comes from distinct operators or control planes.
  • Treat availability as a trust control: Set monitoring and recovery requirements for any logging or validation service that your trust chain depends on.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • The approval path for the CT log, including the testing and monitoring requirements it had to satisfy.
  • The browser-side proof requirements for EV certificates and how they change over time.
  • The role of independent logs in supporting certificate transparency at scale.
  • DigiCert's explanation of why CT support was implemented across its systems.

👉 Read DigiCert’s post on certificate transparency log approval in Chrome →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8144
 

Certificate transparency turns certificate trust into a verifiable governance problem. The browser no longer relies on issuance alone, but on proof that issuance was recorded in approved logs. That changes the control model from static trust to monitored trust, which is the same direction identity governance has taken for NHIs and other machine credentials. The practitioner takeaway is that trust is now conditional on evidence, not assumption.

A few things that frame the scale:

  • 69% of organisations now have more machine identities than human ones, according to The Critical Gaps in Machine Identity Management report.
  • 57% of organisations lack a complete inventory of their machine identities, which is why visibility and ownership remain recurring governance gaps.

A question worth separating out:

Q: Which identity controls should teams compare with certificate transparency governance?

A: Teams should compare certificate transparency governance with NHI lifecycle management, because both depend on ownership, validation, monitoring, and offboarding. The useful comparison is not between products, but between trust models that rely on isolated issuance and trust models that rely on continuous external evidence.

👉 Read our full editorial: Certificate transparency and EV trust: what Chrome approval changes



   