Confirmed users
569
edits
SecurityEngineering/Certificate Transparency: Difference between revisions
Jump to navigation
Jump to search
SecurityEngineering/Certificate Transparency (view source)
Revision as of 17:02, 24 October 2025
, 24 October 2025→CT Log Policy: Added language qualifying addition of roots to existing logs
(→CT Log Policy: R.Stradling's suggested improvement) |
(→CT Log Policy: Added language qualifying addition of roots to existing logs) |
||
| Line 28: | Line 28: | ||
=== CT Log Policy === | === CT Log Policy === | ||
Mozilla does not maintain a separate log application process. We recognize CT logs that appear in the Chromium log_list.json list, located at https://googlechrome.github.io/CertificateTransparency/log_lists.html. CT logs included in that list that are marked '''qualified''', '''usable''', '''readonly''', or '''retired''' are considered usable by Mozilla as described above. Log operators seeking inclusion or updates to their logs should apply through Google’s CT log program. For all '''Qualified''' and '''Usable''' logs, the operator MUST include in the Accepted Roots list all Root Certificates in NSS that have the websites trust bit enabled. All log operators MUST maintain reliable availability, timely merging of submitted certificates, and ongoing compliance with all relevant CT operational requirements. Mozilla reserves the right to independently assess or disqualify any log to protect its users. | Mozilla does not maintain a separate log application process. We recognize CT logs that appear in the Chromium log_list.json list, located at https://googlechrome.github.io/CertificateTransparency/log_lists.html. CT logs included in that list that are marked '''qualified''', '''usable''', '''readonly''', or '''retired''' are considered usable by Mozilla as described above. Log operators seeking inclusion or updates to their logs should apply through Google’s CT log program. For all '''Qualified''' and '''Usable''' logs, the operator MUST include in the Accepted Roots list all Root Certificates in NSS that have the websites trust bit enabled at the time the log is created or accepted for inclusion. Log operators are encouraged, but not required, to periodically update their Accepted Roots list to include newly trusted NSS roots. All log operators MUST maintain reliable availability, timely merging of submitted certificates, and ongoing compliance with all relevant CT operational requirements. Mozilla reserves the right to independently assess or disqualify any log to protect its users. | ||