Launching Google mirrors for CT logs
Pavel Kalinnikov
Hi everyone,
On behalf of the Certificate Transparency team at Google I would like to announce that we are launching mirrors of all CT logs recognized by Chrome (including some rejected/read-only ones):
Cloudflare Nimbus 2018-2023
https://ct.googleapis.com/logs/us1/mirrors/cloudflare_nimbus{2018-2023}
Chrome bugs: https://crbug.com/780654, https://crbug.com/780655, https://crbug.com/780656, https://crbug.com/780657, https://crbug.com/859093, https://crbug.com/888130
Digicert Log Server 1 [https://crbug.com/419255]
Digicert Log Server 2 [https://crbug.com/698094]
Digicert Nessie 2018-2023 [https://crbug.com/801624]
Digicert Yeti 2018-2023 [https://crbug.com/796333]
Sectigo (former Comodo) Mammoth [https://crbug.com/703699]
Sectigo (former Comodo) Sabre [https://crbug.com/703700]:
Venafi Gen2 CT Log [https://crbug.com/688510]:
We do so with the purpose of making the CT ecosystem more robust.
The existing mirrors for shut-down Symantec logs remain running at:
https://ct.googleapis.com/logs/mirrors/symantec_ct [https://crbug.com/483625]
https://ct.googleapis.com/logs/mirrors/symantec_sirius [https://crbug.com/692782]
https://ct.googleapis.com/logs/mirrors/symantec_vega [https://crbug.com/554549]
The mirrors expose the following read-only endpoints specified in RFC 6962:
ct/v1/get-sth
ct/v1/get-sth-consistency
ct/v1/get-proof-by-hash
ct/v1/get-entries
ct/v1/get-entry-and-proof
For example, one can get an STH as follows:
$ wget https://ct.googleapis.com/logs/us1/mirrors/cloudflare_nimbus2019/ct/v1/get-sth
WARNING: We do not commit to keeping the mirrors available with any particular SLOs.
We might also change their address or shut them down. If we do so, we will send a notice to this mailing list in advance.
If you believe we missed a log, please let us know.
Thank you,
Pavel