Announcing Newly Qualified Logs -- Sectigo Elephant logs

[Joe DeBlasio]

New CT Logs have been approved for inclusion in Chrome, having completed their application and successfully undergone compliance monitoring. The following logs are now marked as Qualified:

• Sectigo Elephant2025h2 (https://elephant2025h2.ct.sectigo.com)
• Sectigo Elephant2026h1 (https://elephant2026h1.ct.sectigo.com)
• Sectigo Elephant2026h2 (https://elephant2026h2.ct.sectigo.com)
• Sectigo Elephant2027h1 (https://elephant2027h1.ct.sectigo.com)
• Sectigo Elephant2027h2 (https://elephant2027h2.ct.sectigo.com)

CT Logs should not be relied upon for production certificate logging purposes until they have transitioned from Qualified to Usable, which will happen approximately 70 days after they first appear in the v3 CT log list.

Best,

Joe, on behalf of the Chrome CT team

[Pierre Barre]

Hi,

From an ip address that doesn't produces any other CT traffic, I get 429's 100% of the time on Elephant2025h2 even at the first request. I wonder if it's not some internal load balancer ip address that gets rate limited? :) 

~> curl 'https://elephant2025h2.ct.sectigo.com/ct/v1/get-sth'

<html>

<head><title>429 Too Many Requests</title></head>

<body>

<center><h1>429 Too Many Requests</h1></center>

<hr><center>nginx</center>

</body>

</html>

Best,

Pierre

--

You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/CAFZs0S5DYnNbu3V8o3uWOihP0QPGt1Z5OegN05aXbrpWUdW%3DQA%40mail.gmail.com.

[Martijn Katerbarg]

Hi Pierre,

 

This ties into the discussion ongoing in https://groups.google.com/a/chromium.org/g/ct-policy/c/jW7eKhnctHQ/m/taLP-_HZAgAJ?utm_medium=email&utm_source=footer. We utilize both a per-IP rate limit as well as a (higher) global rate limit.

 

At around 16:00 UTC yesterday, GET traffic on elephant2025h2 almost doubled, and has been steady at that rate since. That’s caused the global rate limit to be reached pretty much constantly.

As we mentioned in the other thread, we're working to increase this limit and to implement some additional changes, so I expect this will improve. For consistency I would suggest we continue the discussion of the rate limits and other changes we’re making, in the thread linked above.

Regards,

 

Martijn Katerbarg

Senior Compliance Engineer

W: Sectigo.com     E: martijn....@sectigo.com

This message and any files associated with it may contain legally privileged, confidential, or propriety information. If you are not the intended recipient, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender by reply email, disregard the foregoing messages, and delete it immediately.

 

 

From: ct-p...@chromium.org <ct-p...@chromium.org> on behalf of Pierre Barre <pierre...@barre.sh>
Date: Thursday, 15 May 2025 at 06:39
To: Joe DeBlasio <jdeb...@chromium.org>, Certificate Transparency Policy <ct-p...@chromium.org>
Subject: Re: [ct-policy] Announcing Newly Qualified Logs -- Sectigo Elephant logs

Hi, From an ip address that doesn't produces any other CT traffic, I get 429's 100% of the time on Elephant2025h2 even at the first request. I wonder if it's not some internal load balancer ip address that gets rate limited? :) ~> curl 'https: //elephant2025h2. ct. sectigo. com/ct/v1/get-sth'

ZjQcmQRYFpfptBannerStart

This Message Is From an External Sender

This message came from outside your organization.

Report Suspicious

 

 

ZjQcmQRYFpfptBannerEnd

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/8b7dbcfa-3043-41a7-9ddd-1384a130e920%40app.fastmail.com.