Turning down non temporal Google CT Logs


Philippe Boneff

Apr 19, 2022, 9:00:51 AM
to ct-p...@chromium.org, certificate-...@googlegroups.com

Hello,


A few years ago the Google CT team tried to turn down non temporal Google CT Logs. To prevent a backward compatibility issue with legacy Apple clients, we decided to keep them running for some time, while restricting their trust anchors. A few years down the line, and with Chrome 101 removing or retiring non temporal Google CT Logs, we are now proceeding with those initial plans.


We will turn down the following logs:


Here is the turndown timeline:

  • 2022-05-02T00:00:00Z: Google 'Icarus', 'Pilot', 'Rocketeer' and 'Skydiver' start rejecting new entries

  • 2022-05-16T00:00:00Z: Google 'Icarus', 'Pilot', 'Rocketeer', 'Skydiver' and 'Aviator' endpoints start returning 404


Cheers,

Philippe on behalf of the Google CT Team

Philippe Boneff

May 13, 2022, 11:45:39 AM
to ct-p...@chromium.org, certificate-...@googlegroups.com
Hello,

Following Chrome Temporary rollback of recent Google log retirements, we are postponing the turndown timeline.

Google 'Icarus', 'Pilot', 'Rocketeer' and 'Skydiver' now reject new entries but are still readable.
We will not configure Google 'Icarus', 'Pilot', 'Rocketeer', 'Skydiver' and 'Aviator' to return 404 on read endpoints on 2022-05-16.

Cheers,
Philippe on behalf of Google's Certificate Transparency Team


Dustin Hollenback

May 26, 2022, 4:14:30 PM
to Certificate Transparency Policy, Philippe Boneff, certificate-...@googlegroups.com
Hello Philippe,

Would it be possible for these logs to continue to be accessible until the remaining certificates logged to them expire? If not, do you have an estimate of when this 404 change will be postponed to?

Thank you,


Dustin
