Apple CT Log List and Schema Update

Clint Wilson

Sep 14, 2023, 3:18:45 PM
to Certificate Transparency Policy

Hello All,

Apple has updated its CT Log List from version 182 to 227. These updates represent a notable update to the schema in support of device compatibility with the CT Log List, as well as updates to several logs’ statuses and the inclusion of new logs.

Schema Update and a New Field

A new top-level object has been added to the CT Log List: "assetVersionV2". The object was introduced in part to address an issue with some devices not properly maintaining a current CT Log List and will be present on all future CT Log List versions. The value associated with "assetVersionV2" will also be displayed in recent and future versions of related iOS settings once updated to the new CT Log List.
The "assetVersion" object will also continue to be present. The values associated with these objects are not related and should not be expected to match or correlate.

The addition also results in an updated CT Log List schema, which can be found here: https://valid.apple.com/ct/log_list/schema_versions/log_list_schema_v4.json

Rejected Logs

The following logs have transitioned from “usable” to “rejected”:

Cloudflare 'Nimbus2022' Log (https://ct.cloudflare.com/logs/nimbus2022)
Log ID: "QcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvY="

DigiCert Nessie2022 Log (https://nessie2022.ct.digicert.com/log)
Log ID: "UaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeU="

Google Argon2022 Log (https://ct.googleapis.com/logs/argon2022)
Log ID: "KXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4Q="

Google Xenon2022 Log (https://ct.googleapis.com/logs/xenon2022)
Log ID: "RqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUc="

Let's Encrypt Oak2022 Log (https://oak.ct.letsencrypt.org/2022)
Log ID: "36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnM="

Trust Asia Log2022 Log (https://ct.trustasia.com/log2022)
Log ID: "w2X5s2VPMoPHnamOk9dBj1ure+MlLJjh0vBLuetCfSM="


The following logs have transitioned from “retired” to “rejected”:

DigiCert Yeti2022 Log (https://yeti2022.ct.digicert.com/log)
Log ID: "IkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt/XcaDXG7iDwI="

DigiCert Yeti2022-2 Log (https://yeti2022-2.ct.digicert.com/log)
Log ID: "BZwB0yDgB4QTlYBJjRF8kDJmr69yULWvO0akPhGEDUo="

DigiCert CT2 Log (https://ct2.digicert-ct.com/log)
Log ID: "h3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8="

DigiCert Log Server (https://ct1.digicert-ct.com/log/)
Log ID: "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="

Retired Logs

The following logs have transitioned from “usable” to “retired”:

DigiCert 'Nessie 2023' log (https://nessie2023.ct.digicert.com/log/)
Log ID: "s3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZo="

DigiCert 'Nessie 2024' log (https://nessie2024.ct.digicert.com/log/)
Log ID: "c9meiRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crU="

Newly Qualified Logs

The following logs have been added as “qualified”:

Cloudflare 'Nimbus 2025' log

Google 'Argon 2025H1' log
Google 'Argon 2025H2' log
Google 'Xenon 2025H1' log
Google 'Xenon 2025H2' log

Let's Encrypt 'Oak2025H1' log
  • Log ID: ouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+c=
  • Log URL: https://oak.ct.letsencrypt.org/2025h1
  • Certificate Expiry Range: Dec 20 2024 00:00:00Z inclusive to Jul 20 2025 00:00:00Z exclusive
Let's Encrypt 'Oak2025H2' log
  • Log ID: DeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQ=
  • Log URL: https://oak.ct.letsencrypt.org/2025h2
  • Certificate Expiry Range: Jun 20 2025 00:00:00Z inclusive to Jan 20 2026 00:00:00Z exclusive

Sectigo 'Mammoth2024H1' log
  • Log ID: KdA6G7Z0qnEc0wNbZVfBT4qni0/oOJRJ7KRT+US9JGg=
  • Log URL: https://mammoth2024h1.ct.sectigo.com
  • Certificate Expiry Range: Jan 01 2024 00:00:00Z inclusive to Jul 01 2024 00:00:00Z exclusive
Sectigo 'Mammoth2024H2' log
  • Log ID: 3+FW66oFr7WcD4ZxjajAMk6uVtlup/WlagHRwTu+Ulw=
  • Log URL: https://mammoth2024h2.ct.sectigo.com
  • Certificate Expiry Range: Jul 01 2024 00:00:00Z inclusive to Jan 01 2025 00:00:00Z exclusive
Sectigo 'Mammoth2025H1' log
  • Log ID: E0rfGrWYQgl4DG/vTHqRpBa3I0nOWFdq367ap8Kr4CI=
  • Log URL: https://mammoth2025h1.ct.sectigo.com
  • Certificate Expiry Range: Jan 01 2025 00:00:00Z inclusive to Jul 01 2025 00:00:00Z exclusive
Sectigo 'Mammoth2025H2' log
  • Log ID: rxgaKNaMo+CpikycZ6sJ+Lu8IrquvLE4o6Gd0/m2Aw0=
  • Log URL: https://mammoth2025h2.ct.sectigo.com
  • Certificate Expiry Range: Jul 01 2025 00:00:00Z inclusive to Jan 01 2026 00:00:00Z exclusive
Sectigo 'Sabre2024H1' log
  • Log ID: ouK/1h7eLy8HoNZObTen3GVDsMa1LqLat4r4mm31F9g=
  • Log URL: https://sabre2024h1.ct.sectigo.com
  • Certificate Expiry Range: Jan 01 2024 00:00:00Z inclusive to Jul 01 2024 00:00:00Z exclusive
Sectigo 'Sabre2024H2' log
  • Log ID: GZgQcQnw1lIuMIDSnj9ku4NuKMz5D1KO7t/OSj8WtMo=
  • Log URL: https://sabre2024h2.ct.sectigo.com
  • Certificate Expiry Range: Jul 01 2024 00:00:00Z inclusive to Jan 01 2025 00:00:00Z exclusive
Sectigo 'Sabre2025H1' log
  • Log ID: 4JKz/AwdyOdoNh/eYbmWTQpSeBmKctZyxLBNpW1vVAQ=
  • Log URL: https://sabre2025h1.ct.sectigo.com
  • Certificate Expiry Range: Jan 01 2025 00:00:00Z inclusive to Jul 01 2025 00:00:00Z exclusive
Sectigo 'Sabre2025H2' log
  • Log ID: GgT/SdBUHUCv9qDDv/HYxGcvTuzuI0BomGsXQC7ciX0=
  • Log URL: https://sabre2025h2.ct.sectigo.com
  • Certificate Expiry Range: Jul 01 2025 00:00:00Z inclusive to Jan 01 2026 00:00:00Z exclusive

TrustAsia 'Log2024-2' log
  • Log ID: h0+1DcAp2ZMd5XPp8omejkUzs5LTiwpGJXS/D+6y/B4=
  • Log URL: https://ct2024.trustasia.com/log2024/
  • Certificate Expiry Range: Jan 01 2024 00:00:00Z inclusive to Jan 01 2025 00:00:00Z exclusive
TrustAsia 'Log2025A' log
TrustAsia 'Log2025B' log

Apple's current log list is available at https://valid.apple.com/ct/log_list/current_log_list.json.
Apple's current log list schema is available at https://valid.apple.com/ct/log_list/current_log_list_schema.json.

Details on Apple's log policy are available at https://support.apple.com/en-us/HT205280.
Apple's log program requirements, including definitions for CT log states, are available at https://support.apple.com/en-us/HT209255.
Prior versions of this log list may be found under https://valid.apple.com/ct/log_list/log_list_versions/log_list_v<list version>.json (e.g. https://valid.apple.com/ct/log_list/log_list_versions/log_list_v182.json).

Thanks!
-Clint
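
The expiry ranges listed in the post are half-open intervals, and a temporally sharded log only accepts certificates whose notAfter falls inside its range. The sketch below is an added example, not part of the original post or Apple's tooling: it uses ranges copied from the listing above to pick the eligible shards for a given notAfter and to flag gaps or overlaps between consecutive shards; the function names are hypothetical.

```python
from datetime import datetime, timezone

FMT = "%b %d %Y %H:%M:%SZ"  # date format used in the announcement

# (name, start inclusive, end exclusive), copied from the listing above.
SHARDS = [
    ("Let's Encrypt 'Oak2025H1'", "Dec 20 2024 00:00:00Z", "Jul 20 2025 00:00:00Z"),
    ("Let's Encrypt 'Oak2025H2'", "Jun 20 2025 00:00:00Z", "Jan 20 2026 00:00:00Z"),
    ("Sectigo 'Mammoth2025H1'", "Jan 01 2025 00:00:00Z", "Jul 01 2025 00:00:00Z"),
    ("Sectigo 'Mammoth2025H2'", "Jul 01 2025 00:00:00Z", "Jan 01 2026 00:00:00Z"),
]


def parse_utc(text):
    """Parse an announcement-style timestamp into an aware UTC datetime."""
    return datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)


def shards_accepting(not_after, shards=SHARDS):
    """Names of shards whose [start, end) range contains not_after."""
    if not_after.tzinfo is None:
        raise ValueError("notAfter must be timezone-aware")
    return [name for name, start, end in shards
            if parse_utc(start) <= not_after < parse_utc(end)]


def coverage_issues(shards):
    """Report gaps and overlaps between consecutive shards of one log family."""
    ordered = sorted(shards, key=lambda s: parse_utc(s[1]))
    issues = []
    for (a, _, a_end), (b, b_start, _) in zip(ordered, ordered[1:]):
        if parse_utc(b_start) > parse_utc(a_end):
            issues.append(("gap", a, b))
        elif parse_utc(b_start) < parse_utc(a_end):
            issues.append(("overlap", a, b))
    return issues


if __name__ == "__main__":
    # Constructed sample: a certificate expiring exactly on a shard boundary.
    boundary = datetime(2025, 7, 1, tzinfo=timezone.utc)
    print(shards_accepting(boundary))
    print(coverage_issues(SHARDS[:2]), coverage_issues(SHARDS[2:]))
```

The boundary case shows why the exclusive end matters: a notAfter of exactly Jul 01 2025 00:00:00Z belongs to Mammoth2025H2, not Mammoth2025H1, while both Oak shards accept it because their ranges overlap by a month.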