Attention CAs: {Argon, Xenon, Sphinx, Wyvern} 2027h1 are NOT usable!


Andrew Ayer

Dec 2, 2025, 11:43:56 AM
to ct-p...@chromium.org
Argon 2027h1 and Xenon 2027h1 are Qualified but not yet Usable in Chrome. This means that while up-to-date Chrome clients will recognize SCTs from these logs, there are still out-of-date Chrome clients which will not.

Sphinx 2027h1 and Wyvern 2027h1 are neither Qualified nor Usable in Apple. This means Apple platforms will not recognize these SCTs at all.

I have detected that the following CAs have been issuing certificates which rely on embedded SCTs from some or all of these unusable logs:

Certum
Cybertrust Japan
GlobalSign
Izenpe
NAVER
SECOM
SHECA
SSL.com
TWCA
TrustAsia

Certificates expiring in 2027 issued by the above CAs may not work on Apple platforms or out-of-date Chrome and Firefox (and Edge?) browsers.

CAs should only be embedding SCTs from logs which are Usable in both Apple and Chrome's JSON log lists, rather than assuming any log with "2027h1" in the name is suitable.

Regards,
Andrew

Rob Stradling

Dec 2, 2025, 6:16:58 PM
to Certificate Transparency Policy, Andrew Ayer
Tools exist that can help CAs detect and/or avoid making this kind of mistake:
- SSLMate's Certificate Transparency Policy Analyzer can check if a website is CT compliant. (Thanks Andrew!)
- ctlint was launched today (see the announcement) and has been integrated into pkimetal (v1.31.0).  It can assist with CT compliance checking during certificate preissuance linting (*).

(*) Implementation note to CAs:
TLS BR 4.3.1.2 says that "When a Precertificate has undergone Linting, it is not necessary for the corresponding to‐be‐signed Certificate to also undergo Linting..."
However, in order to benefit from ctlint's comprehensive embedded SCT list compliance checks, it is "necessary for the corresponding to-be-signed Certificate to also undergo Linting".
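Andrew's recommendation above (only embed SCTs from logs that are Usable in both the Apple and Chrome log lists) and Rob's point about checking the embedded SCT list at preissuance time both come down to one check: decode the certificate's SCT list, look up each log ID in both lists, and reject anything that is not "usable" in every list. The script below is an added example and is not code from this thread, from ctlint, pkimetal or SSLMate. It assumes the v3 log_list.json layout Chrome publishes (operators, each with logs and tiled_logs, each log carrying a state object whose single key names the current state) and assumes Apple's list has the same shape; the two log lists are constructed inline with placeholder log IDs derived from the log name, whereas real log IDs are the SHA-256 of the log's DER-encoded public key. The SCT list parser follows the TLS encoding in RFC 6962 section 3.3, and the constructed SCTs carry placeholder signatures that are not verifiable.

```python
"""
Added example, not code from the thread or from any CA's tooling: parse a
certificate's embedded SignedCertificateTimestampList (RFC 6962 section 3.3)
and flag every SCT whose log is not in the "usable" state in BOTH the Chrome
and Apple log lists.  The two log lists below are constructed for the example
in the v3 log_list.json shape (operators -> logs / tiled_logs -> state); the
log IDs are placeholders derived from the log name, not real log parameters.
"""
import base64
import hashlib
import struct


def _placeholder_log_id(name: str) -> bytes:
    # Real log IDs are SHA-256 over the log's DER-encoded public key; the
    # example derives a stable placeholder from the log name instead.
    return hashlib.sha256(name.encode()).digest()


def _entry(name: str, state: str) -> dict:
    return {"description": name,
            "log_id": base64.b64encode(_placeholder_log_id(name)).decode(),
            "state": {state: {"timestamp": "2025-10-01T00:00:00Z"}}}


# Constructed lists: Xenon is only Qualified in Chrome, Sphinx is absent from
# Apple's list, Tiger and Tuscolo (a tiled / static-CT-API log) are Usable in both.
CHROME_LIST = {"operators": [{"name": "ExampleOp",
    "logs": [_entry("Xenon2027h1", "qualified"), _entry("Sphinx2027h1", "usable"),
             _entry("Tiger2027h1", "usable")],
    "tiled_logs": [_entry("Tuscolo2027h1", "usable")]}]}
APPLE_LIST = {"operators": [{"name": "ExampleOp",
    "logs": [_entry("Xenon2027h1", "usable"), _entry("Tiger2027h1", "usable")],
    "tiled_logs": [_entry("Tuscolo2027h1", "usable")]}]}


def log_table(log_list: dict) -> dict:
    """Map base64 log_id -> (description, state name) over logs and tiled_logs."""
    table = {}
    for op in log_list.get("operators", []):
        for log in op.get("logs", []) + op.get("tiled_logs", []):
            # The state object holds one key naming the current state; a log
            # with no state object at all has not been accepted yet.
            state = next(iter(log.get("state") or {}), "pending")
            table[log["log_id"]] = (log.get("description", "?"), state)
    return table


def parse_sct_list(data: bytes) -> list:
    """Decode SignedCertificateTimestampList: uint16 total length, then
    repeated uint16-length-prefixed v1 SCT structures."""
    (total,) = struct.unpack(">H", data[:2])
    body = data[2:2 + total]
    if len(body) != total:
        raise ValueError("truncated SCT list")
    scts, pos = [], 0
    while pos < len(body):
        (n,) = struct.unpack(">H", body[pos:pos + 2])
        sct = body[pos + 2:pos + 2 + n]
        if len(sct) != n or n < 43:
            raise ValueError("truncated SCT")
        pos += 2 + n
        (ts_ms,) = struct.unpack(">Q", sct[33:41])
        (ext_len,) = struct.unpack(">H", sct[41:43])
        scts.append({"version": sct[0],
                     "log_id": sct[1:33],
                     "timestamp_ms": ts_ms,
                     "extensions": sct[43:43 + ext_len],
                     # hash alg, sig alg, uint16 length, signature bytes
                     "signature": sct[43 + ext_len:]})
    return scts


def build_sct_list(log_names, first_ts_ms: int = 1764000000000) -> bytes:
    """Encode a constructed SCT list (placeholder signatures, not verifiable)."""
    body = b""
    for i, name in enumerate(log_names):
        sig = b"\x04\x03" + struct.pack(">H", 4) + b"\x00" * 4  # sha256 / ecdsa
        sct = (b"\x00" + _placeholder_log_id(name) + struct.pack(">Q", first_ts_ms + i)
               + struct.pack(">H", 0) + sig)
        body += struct.pack(">H", len(sct)) + sct
    return struct.pack(">H", len(body)) + body


def unusable_logs(sct_list: bytes, lists: dict) -> list:
    """Return [(description, {list_name: state})] for every embedded SCT whose
    log is not Usable in every supplied list ("absent" if not listed at all)."""
    tables = {name: log_table(lst) for name, lst in lists.items()}
    flagged = []
    for sct in parse_sct_list(sct_list):
        lid = base64.b64encode(sct["log_id"]).decode()
        per_list = {name: t.get(lid, ("?", "absent"))[1] for name, t in tables.items()}
        desc = next((t[lid][0] for t in tables.values() if lid in t), lid)
        if any(state != "usable" for state in per_list.values()):
            flagged.append((desc, per_list))
    return flagged


if __name__ == "__main__":
    sample = build_sct_list(["Xenon2027h1", "Sphinx2027h1", "Tiger2027h1", "Tuscolo2027h1"])
    for desc, states in unusable_logs(sample, {"chrome": CHROME_LIST, "apple": APPLE_LIST}):
        print(f"SCT from {desc}: {states}")
```

Run as a preissuance step, `unusable_logs` would take the raw value of the SCT list extension (OID 1.3.6.1.4.1.11129.2.4.2) from the to-be-signed certificate and the freshly fetched Chrome and Apple JSON lists; any non-empty result means the certificate relies on a log that some clients will not recognise, which is exactly the situation the thread describes.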

Rollin Yu

Dec 3, 2025, 3:15:03 AM
to Certificate Transparency Policy, Andrew Ayer
TrustAsia issued a test certificate on December 1, 2025 to verify the 2027 CT Logs.
Although the certificate includes one SCT from a Qualified CT Log (Xenon2027h1), it also contains three SCTs from Usable CT Logs (Tuscolo2027h1, Tiger2027h1, TrustAsiaLog2026A).
Therefore, this certificate can function normally in browsers.

Andrew Ayer

Dec 3, 2025, 7:15:12 AM
to Rollin Yu, Certificate Transparency Policy
On Wed, 3 Dec 2025 00:15:02 -0800 (PST)
Rollin Yu <roll...@trustasia.com> wrote:

> TrustAsia issued a test certificate on December 1, 2025 to verify the
> 2027 CT Logs.
> Although the certificate includes one SCT from a Qualified CT Log
> (Xenon2027h1), it also contains three SCTs from Usable CT Logs
> (Tuscolo2027h1, Tiger2027h1, TrustAsiaLog2026A).
> Therefore, this certificate can function normally in browsers.
>
> https://crt.sh/?sha256=817EEBEBC6B939BD3D5F13CE824E6A449AAEF81FF6FCA095056E071F03F9A490

Hi Rollin,

Thanks for the correction. I had a bug in my query which caused SCTs from TrustAsiaLog2026A to be excluded from my analysis. After fixing the bug, TrustAsia is no longer on the list of affected CAs. It didn't affect the analysis for the other CAs.

Regards,
Andrew

Andrew Ayer

Dec 3, 2025, 7:17:50 AM
to Arabella Barks, Certificate Transparency Policy, Rob Stradling
On Tue, 2 Dec 2025 21:59:49 -0800 (PST)
Arabella Barks <arabel...@gmail.com> wrote:

> Do you consider the certificates using the {Argon, Xenon, Sphinx,
> Wyvern} 2027H1 embedded SCT to be non-compliant?

They are _not_ non-compliant with the Baseline Requirements or root store policies. Therefore, the BR's revocation requirements do not apply.

However, they are non-compliant with various Certificate Transparency policies, which means that they are not going to work in some browsers. Most CAs want their certificates to work in a wide variety of clients, so it's a really good idea to comply with CT policy even if it's not a BR/root store requirement!

Regards,
Andrew