[Inform] Announcing sunset of Venafi CT log server (ctlog-gen2.api.venafi.com)

179 views
Skip to first unread message

Hari Nair

unread,
Feb 22, 2018, 2:44:15 AM2/22/18
to Certificate Transparency Policy

Dear Certificate Transparency Community,

 

In 2016 Venafi introduced a no-cost Certificate Transparency (CT) Log to help all Certificate Authorities (CAs) participate in the Certificate Transparency network. Our goal was to accelerate adoption of CT and improve the security and integrity of all encrypted traffic – universal logging of certificates helps protect Venafi customers from the malicious use of digital certificates. Venafi’s vision of all certificates being logged to CT, including Doman Validated (DV) certificates, has now become a reality and therefore the need for Venafi to operate its own infrastructure is no longer needed.

 

This note is to announce the upcoming deprecation of Venafi’s CT log server (ctlog-gen2.api.venafi.com). Venafi has reached out to each of our CA partners who have requested permission to log to our CT log server and informed them of this decision in late January.

The intended date of deprecation is February 28, 2018. After this date, Venafi’s CT API will not respond to new certificate logging requests. To help the community operate without disruption, the log server will continue to stay operational to validate previously logged certificates through January 1st, 2020.  (see attached document for more details).

 

Needless to say, Venafi will remain keenly invested in the Certificate Transparency initiative and continue to actively promote the need for visibility into all publicly trusted TLS certificates. We wish the community continued success!

 

Best regards,

 

Hari Nair

Director – Product Management

ctlog...@venafi.com

www.venafi.com

CT-Gen2-Decomission_v9.pdf

Alex Gaynor

unread,
Feb 22, 2018, 9:36:28 AM2/22/18
to Hari Nair, Certificate Transparency Policy
Hi Hari,

Could Venafi check the certificates in your CT server and see if there exist any that are not present in other widely used CT servers, and mirror the certificates to those? While this would not affect trust in Chrome or other browsers, it will assist with CT's usage as an auditing and archival tool.

Thanks,
Alex

--
You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+unsubscribe@chromium.org.
To post to this group, send email to ct-p...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/56c6657f-7ab7-41c8-afb3-25e5b9f26fd7%40chromium.org.

Hari Nair

unread,
Feb 22, 2018, 9:02:12 PM2/22/18
to Alex Gaynor, Certificate Transparency Policy
Hi Alex,

Yes, will do. We will do our due diligence and get back to this thread.

Best,
Hari 
Reply all
Reply to author
Forward
0 new messages