TLS certificates have Certificate Transparency mechanism to promote the transparency of the Web. Thanks to loggers and monitors, every day thousand of certificates are analyzed carefully to detect suspicious certificates. All certificates are added into a tree and are inmutable. They cannot be modified.
However, there is no similar concept to S/MIME certificates. We think that it cannot be implemented as-is for evident privacy aspects. Having a repository with thousands email addresses does not seem a good idea.
What we propose with our public repository is to provide some level of transparency, maintaining the privacy of the subjects. Our repository records all certificates issued by CASTLE CA and index them into our search engine. You can search a certificate by email, serial, fingerprint or other field.
Obviously, the certificates cannot be downloaded, since they will unveil the recipient email addresses. Instead, email addresses are obfuscated to foreign eyes, but easily identificables for the owner and other people who wants to check publicly the certificate. For instance, it allows to track a public key across the renewals and identify suspicious issues.
The repository can be found at http://acme.castle.cloud/acme/certificates/.
