Is there an easy way to add a new root to the CT logs which are managed by the many parties? Or do we have to reach out to each log owner individually?Thanks, Bruce.
--
You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/cefba06b-41f0-40c2-acfb-f2f0aeaa0266o%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/98aeabd8-9b72-4c28-836a-e410f477e535o%40chromium.org.
Hi Bruce. See also https://crt.sh/monitored-logs?recognizedBy=Chromium. It's obviously not a canonical source, but it should be consistent. Click the "Usable" links to open the logs' Inclusion Requests.
To: Bruce Morton <bruce...@entrust.com>
Cc: Certificate Transparency Policy <ct-p...@chromium.org>; Ryan Sleevi <rsl...@chromium.org>
Subject: Re: [ct-policy] Add New Root to CT Logs
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
419255I just filed https://github.com/chromium/ct-policy/issues/28 to make this easier for the logs that are Qualified in Google Chrome.
Currently, the "best" way right now (for Chrome) is to view https://goo.gl/chrome/ct-policy . Under the "Qualified In" column, it will link to the commit that added the log. The commit will have a "BUG=" which you can load at https://crbug.com/[bug number] - e.g. https://crbug.com/419255 . The CT in Chrome policy requires the Log state their policies, so hopefully that provides some clarity.
This obviously could benefit from some improvement, so the bug I just filed should help make it easier. In the absence of that, you can of course reach out to the individual Log Operators and request they add your certificate, assuming it's eventually intended to be used for TLS in browsers.