Call for 2027 Log Shards

[Joe DeBlasio]

Hi ct-policy@,

We are inviting applications for the inclusion of 2027 log shards. Both RFC6962 and static-ct-api logs are welcome.

To ensure adequate time for compliance monitoring, rollout, and processing, please submit 2027 log shards no later than August 1, 2025. We can not guarantee that logs submitted after that date will reach Usable status (even if passing compliance monitoring) before certificates needing those logs are issued. Shards submitted after August 1 will still be evaluated for inclusion, but delayed include results in reduced redundancy and certificate issuance capacity for the entire WebPKI until those late logs are usable. 

Two additional notes:

• If you are an operator of an existing Qualified or Usable log in Chrome's log list and you are not planning on running a 2027 log shard, we would appreciate a heads-up as soon as possible so that we can plan accordingly.

• As of now, Chrome has only received an inclusion application for static-ct-api logs from a single operator, and so the robustness of static-ct-api log implementations remains unproven. As a result, we ask (but are not requiring) operators with existing Qualified or Usable RFC6962 logs to offer RFC6962-compliant shards for at least 2027H1.

The log policy provides additional instructions on how to apply for inclusion, but as always, please reach out with any questions.

Joe, on behalf of the Chrome CT team

[Pierre Barre]

Hi,

> As of now, Chrome has only received an inclusion application for static-ct-api logs from a single operator, and so the robustness of static-ct-api log implementations remains unproven. As a result, we ask (but are not requiring) operators with existing Qualified or Usable RFC6962 logs to offer RFC6962-compliant shards for at least 2027H1.

Is it planned to completely retire RFC6962 long-term, essentially making it obsolete?

Best,

Pierre

--

You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/CAFZs0S4-TNo1dKoPdw0dGE8LWJfvcp0QrqinAR_TfDZZPH5dBg%40mail.gmail.com.

[Filippo Valsorda]

We have set up and submitted 2027 shards of the Tuscolo log.

• https://tuscolo2027h1.sunlight.geomys.org/log.v3.json
• https://tuscolo2027h2.sunlight.geomys.org/log.v3.json
  

In case anyone could find it useful, this is our new shard runbook.

[Joe DeBlasio]

On Sun, Jun 1, 2025 at 1:37 AM Pierre Barre <pierre...@barre.sh> wrote:

Hi,

> As of now, Chrome has only received an inclusion application for static-ct-api logs from a single operator, and so the robustness of static-ct-api log implementations remains unproven. As a result, we ask (but are not requiring) operators with existing Qualified or Usable RFC6962 logs to offer RFC6962-compliant shards for at least 2027H1.

Is it planned to completely retire RFC6962 long-term, essentially making it obsolete?

Our plans for static-ct-api/RFC6962 spec support were previously discussed in the policy change announcement and remain unchanged at this time.

Joe

[Rick Roos]

Hi Chrome CT team,

Come November 30th, CAs will be able to start issuing certificates that expire in 2027.  Below is my understanding of when the 2027 logs will become usable in Chrome. Can you help confirm or correct my understanding of when these logs will be considered usable?

Usable right now:
Elephant2027h1
Tiger2027h1
Tuscolo2027h1

Usable before November 30, 2025:
Nimbus2027
Sycamore2027h1
Willow2027h1
Gouda2027h1

Usable sometime December 2025:
Argon2027h1
Xenon2027h1
Wyvern2027h1
sphinx2027h1
HETU2027
Halloumi2027h1

Thanks,
Rick

--

[Joe DeBlasio]

Hi Rick,

I believe your determinations are exactly correct.

Best,

Joe

[Rick Roos]

Great, thank you.

Rick

[Rob Stradling]

[+certificate-tran...@group.apple.com]

Hi Apple CT Log Program representatives.

The only 2027 logs that are currently Usable in the Apple CT Log List are the Elephant and Tiger shards.  That's a single log operator (Sectigo).

Several other log operators' 2027 shards are Qualified in the Apple CT Log List.  Will these transition to Usable before November 30th 2025?

Thanks.

(In both the Chrome and Apple log lists: the expiry range for TrustAsia Log2026A and Log2026B ends 2027-01-08T00:00:00Z, and the expiry range for Let's Encrypt Oak2026h2 ends 2027-01-20T00:00:00Z.  So that's a temporary backup plan if the Usable-ity of additional 2027 shards is delayed, albeit with precious little redundancy).

---

From: ct-p...@chromium.org <ct-p...@chromium.org> on behalf of Rick Roos <rick...@gmail.com>
Sent: 07 November 2025 17:19
To: Joe DeBlasio <jdeb...@chromium.org>
Cc: Certificate Transparency Policy <ct-p...@chromium.org>
Subject: Re: [ct-policy] Call for 2027 Log Shards

 

Great, thank you. Rick On Fri, Nov 7, 2025 at 10: 11 AM Joe DeBlasio <jdeblasio@ chromium. org> wrote: Hi Rick, I believe your determinations are exactly correct. Best, Joe On Fri, Nov 7, 2025 at 8: 59 AM Rick Roos <rickroos@ gmail. com>

ZjQcmQRYFpfptBannerStart

This Message Is From an External Sender

This message came from outside your organization.

Report Suspicious

 

ZjQcmQRYFpfptBannerEnd

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/CACrB8xksHyeDpogooH03WXnV4CtAEie%3Dt-FPvg4fF8f1fTqfbg%40mail.gmail.com.

[Bailey Basile]

Yes, Qualified logs as of version 428 will transition to Usable before November 30th.

[Rob Stradling]

Thanks Bailey!  That will mean that 2027 shards from an additional 6 log operators will be Usable.

[Matthew McPherrin]

FYI, it looks like Apple's updated their log lists today with a set of newly usable logs today.

Diff: https://github.com/mcpherrinm/pki-data/commit/7199496065b41a0d641fdb60366b4be7c9051773#diff-0861662c8f121bd951f0bdbe9430b0f2eefcffe552a2d43d100348c2850df1f4

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/ee166779-709e-49ff-b14d-49800cd1c06bn%40chromium.org.