Hi all,
Apple has published an update to our log list, from version 86 to 87, and we are announcing the following state transition in this update.
Usable to Retired
The following log has been transitioned from usable to retired:
Due to DigiCert’s recently announced possible compromise of the DigiCert Log Server 2’s signing key[1], we are retiring this CT Log in version 87 of Apple’s CT Log List, enforcing a retirement timestamp of 2020-05-04T00:00:40Z. SCTs generated prior to this date will be considered “once-approved”.
Note that on Apple platforms, for SCTs presented via TLS extension or OCSP stapling, Apple’s CT Policy requires that all SCTs be from currently approved CT logs; once-approved SCTs do not qualify.
For SCTs embedded in a TLS certificate, a minimum of one SCT must be from a currently approved CT log, while additional SCTs may be from a once-approved CT log.
As with all log list updates, the changes published to
https://valid.apple.com/ct/log_list/current_log_list.json will be enforced on Apple platforms a few weeks after the update is made.
Apple's current log list is available at
https://valid.apple.com/ct/log_list/current_log_list.json.
Apple’s current log list schema is available at
https://valid.apple.com/ct/log_list/current_log_list_schema.json.