Rate Limits of get-entries for Sectigo & Let's encrypt & TrustAsia

[umar]

Hi, 

I want to know how much entries can i get in a single request to these operators sectigo, let's encrypt and trust asia using below url

<operators_url>/ct/v1/get_entries?start=<>&end=<>

I want to know the limit between start & end.

Regards,
Umar

[Rob Stradling]

Sectigo's RFC6962 logs use CF_CTile to serve get-entries requests.  CF_CTile returns at most 256 entries, and will return less than that if your "start" parameter is not an exact multiple of 256.

[Matt Palmer]

While you may think you want to do this, you actually really don't.
Instead, just set `end` to the log's entry count (as given by get-sth).
Then, for the next request, set start to the previous start plus however
many entries you actually got back last time.

- Matt

[Phil Porada]

Hi Umar,

Trillian-based logs should be setting `max_get_entries` and `align_getentries` in the `ctfe` which determine how much data is returned. Sunlight-based logs return data up to a tile boundary [1][2]. You can verify tile boundaries yourself by picking an arbitrary start and end value and checking how much data is actually returned. Keep in mind that in our blog post [1] we specified 256 ;).

```

$ curl -sL 'https://oak.ct.letsencrypt.org/2026h1/ct/v1/get-entries?start=0&end=500' | jq -r '.[].[].leaf_input' | wc -l
256
```

[1] https://letsencrypt.org/2024/03/14/introducing-sunlight#serving-tiles

[2] https://transparency.dev/articles/tile-based-logs/

--
You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/98f4a6e0-b7ef-43b7-a989-8e2e2366d0d5n%40chromium.org.