static-ct-api v1.1.0
42 views
Skip to first unread message
Andrew Ayer
Mar 20, 2026, 12:01:24 PM (4 days ago) Mar 20
to Certificate Transparency Policy
Hi all,
I have just tagged static-ct-api v1.1.0 <https://c2sp.org/static...@v1.1.0>
This version allows logs to reject add-pre-chain requests which use a Precertificate Signing Certificate. Since the Baseline Requirements now forbid CAs from using Precertificate Signing Certificates, this change will not prevent CAs from obtaining embedded SCTs.
Some log operators would like to begin rejecting submissions which use Precertificate Signing Certificates, and would appreciate it if browsers updated their CT Log Policies to reference static-ct-api v1.1.0.
Diff from v1.0.0: <https://github.com/C2SP/C2SP/compare/static-ct-api/v1.0.0...static-ct-api/v1.1.0#diff-7d2ea74265fe29dc1d001a842ef6bd965b77c5d33e0aa7ac9147afe702b31926>
Regards,
Andrew
I have just tagged static-ct-api v1.1.0 <https://c2sp.org/static...@v1.1.0>
This version allows logs to reject add-pre-chain requests which use a Precertificate Signing Certificate. Since the Baseline Requirements now forbid CAs from using Precertificate Signing Certificates, this change will not prevent CAs from obtaining embedded SCTs.
Some log operators would like to begin rejecting submissions which use Precertificate Signing Certificates, and would appreciate it if browsers updated their CT Log Policies to reference static-ct-api v1.1.0.
Diff from v1.0.0: <https://github.com/C2SP/C2SP/compare/static-ct-api/v1.0.0...static-ct-api/v1.1.0#diff-7d2ea74265fe29dc1d001a842ef6bd965b77c5d33e0aa7ac9147afe702b31926>
Regards,
Andrew
Reply all
Reply to author
Forward
0 new messages