
Sunlight is Let’s Encrypt’s new Certificate Transparency log that aims to address scalability, operational, and cost challenges in the CT ecosystem. Developed in collaboration with Filippo Valsorda, it introduces innovative elements like tiles for efficient data management and a simplified architecture to enhance reliability and performance.
Main Points
Introduction of Sunlight
Sunlight is a new Certificate Transparency log implementation designed for scalability, ease of operation, and cost-effectiveness. It’s developed by Let’s Encrypt with feedback from the transparency logging community.
Sunlight's implementation and efficiency
The new system utilizes ‘tiles’ – files containing 256 elements each – to manage the high volume of certificates more efficiently than previous methods.
Architecture and merge delay resolution
A key feature of Sunlight is its architecture that eliminates the need for leader election on the write path and removes the merge delay, addressing common CT log challenges.
Insights
Certificate Transparency plays a crucial role in Web PKI
CT plays an important role in the Web PKI, enhancing the ability to monitor and research certificate issuance.
Sunlight aims to improve the robustness of the CT ecosystem
Sunlight’s design aims to improve the robustness and diversity of the CT ecosystem, while also improving the reliability and performance of Let’s Encrypt’s logs.
Sunlight introduces a new approach to handle large volumes of certificates
Sunlight tiles are files containing 256 elements each, which allows for a more scalable and efficient management of certificate entries.
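The tile arithmetic a CT monitor needs when reading a range of entries, as an added example that is not code from the Sunlight project. It assumes entries are numbered from 0 and that the last tile is partial when the log size is not a multiple of 256; `TileRef` and `PlanFetch` are hypothetical names.

```go
package main

import "fmt"

// TileWidth is the number of elements in a full tile, as stated above.
const TileWidth = 256

// TileRef names one tile to read and the slice of it that is wanted.
type TileRef struct {
	Index int64 // tile number, counting from 0
	Width int   // elements present in the tile (256 unless it is the last one)
	From  int   // first wanted element inside the tile
	To    int   // one past the last wanted element inside the tile
}

// PlanFetch lists the tiles covering log entries [start, end) in a log that
// currently holds treeSize entries. Hypothetical helper for illustration.
func PlanFetch(start, end, treeSize int64) ([]TileRef, error) {
	if start < 0 || start > end || end > treeSize {
		return nil, fmt.Errorf("range [%d,%d) outside log of size %d", start, end, treeSize)
	}
	var plan []TileRef
	for pos := start; pos < end; {
		idx := pos / TileWidth
		tileStart := idx * TileWidth
		width := int64(TileWidth)
		if rem := treeSize - tileStart; rem < width {
			width = rem // assumption: the final tile is partial
		}
		to := width
		if end-tileStart < to {
			to = end - tileStart // the range stops inside this tile
		}
		plan = append(plan, TileRef{idx, int(width), int(pos - tileStart), int(to)})
		pos = tileStart + to
	}
	return plan, nil
}

func main() {
	// Constructed sample: entries 250..599 of a log holding 700 entries.
	fmt.Println(PlanFetch(250, 600, 700))
}
```

Full tiles never change once written, so a monitor can cache them; only the final, partial tile needs re-reading as the log grows.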
The Sunlight project seeks to eliminate the merge delay issue
Sunlight takes a different approach, holding submissions while it batches and integrates certificates in the log, eliminating the merge delay.
Links
- Sunlight project website
- Let's Encrypt CT logs information
- Sunlight specification
- Sunlight source code on GitHub
- Support Let's Encrypt
- Join the transparency-dev Slack