No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
devonobrien Update README.md (#15)
Update Chromium CT Policy to reflect that DigiCert Yeti Logs were added to Chrome 67
Latest commit f5cd30b Jun 2, 2018
Permalink
Failed to load latest commit information.
CONTRIBUTING.md Initial commit Apr 18, 2017
LICENSE Initial commit Apr 18, 2017
README.md Update README.md (#15) Jun 2, 2018
ct_policy.md Fix editorial nits Feb 1, 2018
log_policy.md Update log_policy.md Aug 1, 2017
mmd_monitor_root.crt Initial commit Apr 18, 2017

README.md

Chromium Certificate Transparency Policy

This repository contains documents related Chromium's Certificate Transparency policies, such as the Certificate Transparency Log Policy.

Their contents can be discussed in the ct-policy@chromium.org forum.

For Certificate Authorities

In order to help protect users of the Chromium Projects, CAs are expected to support Certificate Transparency. This allows users, the Chromium Authors, and the public to verifiably audit that CAs are conforming to the policies set out in Chromium's Root Certificate Policy.

Currently, Chromium does not enforce that all Root CAs support Certificate Transparency for all certificates. However, it is required for the certificates issued by some CAs, and in order to have a certificate recognized as an Extended Validation certificate, that such certificates MUST be CT Qualified. For more details, see the Certificate Transparency in Chrome Policy.

For Log Operators

In order for a Log to be included within Chromium, it must meet the requirements of the Certificate Transparency Log Policy. The Log Policy describes the steps for Log Operators to submit Logs for inclusion within Chromium.

Recognized Logs

The following table includes information about the Certificate Transparency Logs that are recognized by Chromium. It includes information about who operates the log, the name the log has been given, and the URL that can be used for logging certificates or inspecting the certificates that have been logged.

Note: The authoritative list is maintained in the Chromium code base. This is merely informational.

Qualified Logs

Log Operator Name Log URL Maximum Merge Delay Included Since
Google Google 'Pilot' Log https://ct.googleapis.com/pilot 24 hours Revision: https://crrev.com/237785
Chrome: 35
Google Google 'Aviator' Log https://ct.googleapis.com/aviator 24 hours Revision: https://crrev.com/237785
Chrome: 35
Note: Frozen (not accepting new certificates)
DigiCert DigiCert's Certificate Transparency log https://ct1.digicert-ct.com/log/ 24 hours Revision: https://crrev.com/309831
Chrome: 41
Google Google 'Rocketeer' Log https://ct.googleapis.com/rocketeer 24 hours Revision: https://crrev.com/325382
Chrome: 43
DigiCert Symantec Log https://ct.ws.symantec.com 24 hours Revision: https://crrev.com/483625
Chrome: 45
DigiCert Symantec 'Vega' Log https://vega.ws.symantec.com/ 24 hours Revision: https://crrev.com/376143
Chrome: 50
CNNIC CNNIC CT Log https://ctserver.cnnic.cn/ 24 hours Revision: https://crrev.com/396817
Chrome: 53
Google Google 'Skydiver' Log https://ct.googleapis.com/skydiver/ 24 hours Revision: https://crrev.com/429670
Chrome: 55
Google Google 'Icarus' Log https://ct.googleapis.com/icarus/ 24 hours Revision: https://crrev.com/429670
Chrome: 55
Venafi Venafi Gen2 CT log https://ctlog-gen2.api.venafi.com/ 24 hours Revision: https://crrev.com/471318
Chrome: 59
Comodo Comodo 'Sabre' Log https://sabre.ct.comodo.com/ 24 hours Revision: https://crrev.com/482145 
Chrome: 60
Comodo Comodo 'Mammoth' Log https://mammoth.ct.comodo.com/ 24 hours Revision: https://crrev.com/482145
Chrome: 60
DigiCert DigiCert Log Server 2 https://ct2.digicert-ct.com/log/ 24 hours Revision: https://crrev.com/481160
Chrome: 60
DigiCert Symantec 'Sirius' Log https://sirius.ws.symantec.com/ 24 hours Revision: https://crrev.com/481160
Chrome: 60
Google Google 'Argon2018' Log https://ct.googleapis.com/logs/argon2018/ 24 hours Revision: https://crrev.com/540254
Chrome: 65
Google Google 'Argon2019' Log https://ct.googleapis.com/logs/argon2019/ 24 hours Revision: https://crrev.com/540254
Chrome: 65
Google Google 'Argon2020' Log https://ct.googleapis.com/logs/argon2020/ 24 hours Revision: https://crrev.com/540254
Chrome: 65
Google Google 'Argon2021' Log https://ct.googleapis.com/logs/argon2021/ 24 hours Revision: https://crrev.com/540254
Chrome: 65
Cloudflare Cloudflare 'Nimbus2018' Log https://ct.cloudflare.com/logs/nimbus2018/ 24 hours Revision: https://crrev.com/540254
Chrome: 65
Cloudflare Cloudflare 'Nimbus2019' Log https://ct.cloudflare.com/logs/nimbus2019/ 24 hours Revision: https://crrev.com/540254
Chrome: 65
Cloudflare Cloudflare 'Nimbus2020' Log https://ct.cloudflare.com/logs/nimbus2020/ 24 hours Revision: https://crrev.com/540254
Chrome: 65
Cloudflare Cloudflare 'Nimbus2021' Log https://ct.cloudflare.com/logs/nimbus2021/ 24 hours Revision: https://crrev.com/540254
Chrome: 65
DigiCert DigiCert 'Yeti2018' Log https://yeti2018.ct.digicert.com/log/ 24 hours Revision: https://crrev.com/559734
Chrome: 67
DigiCert DigiCert 'Yeti2019' Log https://yeti2019.ct.digicert.com/log/ 24 hours Revision: https://crrev.com/559734
Chrome: 67
DigiCert DigiCert 'Yeti2020' Log https://yeti2020.ct.digicert.com/log/ 24 hours Revision: https://crrev.com/559734
Chrome: 67
DigiCert DigiCert 'Yeti2021' Log https://yeti2021.ct.digicert.com/log/ 24 hours Revision: https://crrev.com/559734
Chrome: 67
DigiCert DigiCert 'Yeti2022' Log https://yeti2022.ct.digicert.com/log/ 24 hours Revision: https://crrev.com/559734
Chrome: 67

Once, but no longer, Qualified Logs

Log Operator Name Log URL Maximum Merge Delay Included Since Last Accepted SCT
Certly Certly.IO Log https://log.certly.io 24 hours Revision: https://crrev.com/325382
Chrome: 43
15 April 2016 00:00:00 UTC.
Izenpe Izenpe Log https://ct.izenpe.com 24 hours Revision: https://crrev.com/326301
Chrome: 44
30 May 2016 00:00:00 UTC.
Venafi Venafi CT Log Server https://ctlog.api.venafi.com/ct/v1 24 hours Revision: https://crrev.com/349170
Chrome: 47
Last Accepted SCT: 28 Feb 2017 18:42:26 UTC.
WoSign WoSign Log https://ctlog.wosign.com/ 24 hours Revision: https://crrev.com/414378
Chrome: 54
12 Feb 2018 23:59:59 UTC.
StartCom StartCom CT Log https://ct.startssl.com/ 24 hours Revision: https://crrev.com/414440
Chrome: 54
12 Feb 2018 23:59:59 UTC.

Policy Version

Chromium Certificate Transparency Policy Version 1.0