Why didn't Apple trust the Wyvern2027h1 and sphinx2027h1 CT logs?


Arabella Barks

Dec 1, 2025, 10:51:29 PM
to dev-secur...@mozilla.org
[attached image]

DigiCert 'Wyvern2027h1'
LogID: 00 1A 5D 1A 1C 2D 93 75 B6 48 55 78 F8 2F 71 A1 AE 6E EF 39 7D 29 7C 8A E3 15 7B CA DE E1 A0 1E
DigiCert 'sphinx2027h1'
LogID: 46 A2 39 67 C6 0D B6 46 87 C6 6F 3D F9 99 94 76 93 A6 A6 11 20 84 57 D5 55 E7 E3 D0 A1 D9 B6 46


Andrew Ayer

Dec 2, 2025, 8:23:36 AM
to Arabella Barks, dev-secur...@mozilla.org
Hi Arabella,

I recommend raising this on the ct-policy mailing list (https://groups.google.com/a/chromium.org/g/ct-policy).

Though my question would be - why is Certum issuing certificates with embedded SCTs from a log that's not listed as Qualified or Usable in Apple's log list?

This certificate also contains an SCT from Google Argon 2027h1, which while Usable by Apple, is not yet Usable by Chrome or Mozilla.

Regards,
Andrew

Arabella Barks

Dec 2, 2025, 11:16:19 AM
to dev-secur...@mozilla.org, Andrew Ayer, dev-secur...@mozilla.org, Arabella Barks
Hey Andrew,

Thanks for expanding on the topic! I know following up in a further thread comment isn't ideal, but I'm curious -- where did you learn that "Google Argon 2027h1, which is usable by Apple, is not yet usable by Chrome or Mozilla"? From my testing, Google Argon 2027h1 has actually been verified to work on Chrome:


Regards,
Ara.

Andrew Ayer

Dec 2, 2025, 11:31:24 AM
to Arabella Barks, dev-secur...@mozilla.org
On Tue, 2 Dec 2025 08:16:19 -0800 (PST)
Arabella Barks <arabel...@gmail.com> wrote:

> Thanks for expanding on the topic! I know following up in a further
> thread comment isn’t ideal,
> but I’m curious -- where did you learn that "Google Argon 2027h1,
> which is usable by Apple, is not yet usable by Chrome or Mozilla"?
> From my testing, Google Argon 2027h1 has actually been verified to
> work on Chrome:

Hi Ara,

In Google's JSON log list <https://www.gstatic.com/ct/log_list/v3/log_list.json>, Argon 2027h1 is listed as "qualified" not "usable".

Usable means that the log is expected to work in up-to-date clients, but there are still out-of-date clients in which it won't work. This is why your test was successful, but it's still a bad idea for CAs to rely on the log.

Regards,
Andrew

Aaron Gable

Dec 2, 2025, 11:33:13 AM
to Arabella Barks, dev-secur...@mozilla.org, Andrew Ayer
Per Chrome's all_logs_list.json, the Argon2027h1 log is Qualified but not yet Usable. That means that some up-to-date Chrome instances may trust it (as your testing found), but not all Chrome instances around the world. It generally takes about 70 days for a log to transition from Qualified to Usable, to account for this propagation delay.

Andrew Ayer

Dec 2, 2025, 2:41:17 PM
to Arabella Barks, dev-secur...@mozilla.org
On Tue, 2 Dec 2025 11:31:16 -0500
Andrew Ayer <ag...@andrewayer.name> wrote:

> Usable means that the log is expected to work in up-to-date clients, but there are still out-of-date clients in which it won't work.

Correction: *Qualified* means that the log is expected to work in up-to-date clients, but there are still out-of-date clients in which it won't work.

Rob Stradling

Dec 2, 2025, 6:26:21 PM
to dev-secur...@mozilla.org, Andrew Ayer, dev-secur...@mozilla.org, Arabella Barks
Over at ct-policy, Andrew has posted some further analysis on this topic.  Several CAs are making mistakes when choosing which CT logs to embed SCTs from.

And today I've announced ctlint, a certificate/precertificate linting tool that checks for CT compliance.  Using crt.sh's integration with pkimetal and pkimetal's new integration with ctlint, here's what ctlint reports for Arabella's example that started this thread:

"ctlint v0.0.0-20251202204249-6806d5396dad:
 WARNING: SCT list contains fewer approved SCTs than required by the Apple CT Policy
 WARNING: SCT list satisfies the Chrome CT Policy using at least 1 SCT from a Qualified log that is not yet Usable
    INFO: An SCT has a valid signature
    INFO: An SCT has a valid signature
    INFO: An SCT has a valid signature"
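The Qualified/Usable distinction Andrew and Aaron describe, and the two ctlint warnings quoted above, come down to looking up each embedded SCT's log ID in a browser's log list and counting by state. The block below is an added example for this thread, not ctlint and not any browser's or CA's own code: it parses the RFC 6962 SCT list as carried in the 1.3.6.1.4.1.11129.2.4.2 extension, looks each log ID up in a list shaped like Google's v3 log_list.json (Apple's current_log_list.json is assumed here to use the same operators/logs/state layout), and reports whether the policy is met outright, met only through Qualified logs, or not met. The log lists, the Argon2027h1 log ID, the SCT bytes and the signature are constructed; the two DigiCert log IDs are the ones Arabella posted; the counts in chrome_min_scts are the editor's reading of the published Chrome policy, and the Apple minimum of 2 passed in the test is an assumption. SCT signatures are not verified.

```python
"""Check embedded SCTs against a CT log list (added example, not ctlint or any
browser's code). Input: the TLS-encoded SignedCertificateTimestampList (RFC 6962
3.3) found inside the OCTET STRING of extension 1.3.6.1.4.1.11129.2.4.2.
Signatures are not verified; only log identity and list state are checked."""
import base64, hashlib, struct

def _u16(b, off):
    return struct.unpack_from(">H", b, off)[0]

def parse_sct(b):
    """One v1 SignedCertificateTimestamp (RFC 6962 3.2)."""
    if b[0] != 0:
        raise ValueError("unsupported SCT version %d" % b[0])
    off = 43 + _u16(b, 41)                       # skip u16-prefixed extensions
    sig_len = _u16(b, off + 2)                   # after hash_alg, sig_alg bytes
    if off + 4 + sig_len != len(b):
        raise ValueError("trailing bytes after SCT signature")
    return {"log_id": b[1:33],                   # SHA-256 of the log's key
            "timestamp_ms": struct.unpack_from(">Q", b, 33)[0],
            "signature": b[off + 4:off + 4 + sig_len]}

def parse_sct_list(b):
    """u16 total length, then u16-length-prefixed SCTs."""
    if _u16(b, 0) != len(b) - 2:
        raise ValueError("SCT list length mismatch")
    scts, off = [], 2
    while off < len(b):
        n = _u16(b, off)
        scts.append(parse_sct(b[off + 2:off + 2 + n]))
        off += 2 + n
    return scts

def index_log_list(log_list):
    """Raw log ID -> (operator, state) from a v3 log_list.json-shaped dict."""
    idx = {}
    for op in log_list["operators"]:
        for log in op["logs"]:
            state = next(iter(log["state"]))         # exactly one state key
            idx[base64.b64decode(log["log_id"])] = (op["name"], state)
    return idx

def assess(sct_list_bytes, log_list, min_scts, min_operators=2):
    """Usable/ReadOnly count in every client with the list; Qualified only in
    clients updated since the log was added; unknown = not in this list."""
    idx = index_log_list(log_list)
    counts = {"approved": 0, "qualified": 0, "other": 0, "unknown": 0}
    approved_ops, counted_ops = set(), set()
    for sct in parse_sct_list(sct_list_bytes):
        operator, state = idx.get(sct["log_id"], (None, "unknown"))
        if state in ("usable", "readonly"):
            counts["approved"] += 1
            approved_ops.add(operator); counted_ops.add(operator)
        elif state == "qualified":
            counts["qualified"] += 1
            counted_ops.add(operator)
        elif state == "unknown":
            counts["unknown"] += 1
        else:
            counts["other"] += 1                     # pending/retired/rejected
    if counts["approved"] >= min_scts and len(approved_ops) >= min_operators:
        return "satisfied", counts
    if (counts["approved"] + counts["qualified"] >= min_scts
            and len(counted_ops) >= min_operators):
        return "satisfied only via Qualified log(s); older clients may reject", counts
    return "not satisfied: fewer approved SCTs than required", counts

def chrome_min_scts(lifetime_days):
    """Editor's reading of Chrome's embedded-SCT minimum: 2 for certificates
    valid <= 180 days, 3 otherwise, from at least two operators."""
    return 2 if lifetime_days <= 180 else 3

# Constructed sample data. The DigiCert IDs are the ones posted in the thread;
# the Argon2027h1 ID is a placeholder, NOT the real log's ID. States mirror
# what the thread reports, not the live lists.
WYVERN_2027H1 = bytes.fromhex("001a5d1a1c2d9375b6485578f82f71a1ae6eef397d297c8ae3157bcadee1a01e")
SPHINX_2027H1 = bytes.fromhex("46a23967c60db64687c66f3df999947693a6a611208457d555e7e3d0a1d9b646")
ARGON_2027H1 = hashlib.sha256(b"placeholder: Google Argon2027h1").digest()

def _log(log_id, state):
    return {"log_id": base64.b64encode(log_id).decode(),
            "state": {state: {"timestamp": "2025-11-01T00:00:00Z"}}}

CHROME_LIST = {"operators": [
    {"name": "Google", "logs": [_log(ARGON_2027H1, "qualified")]},
    {"name": "DigiCert", "logs": [_log(WYVERN_2027H1, "usable"), _log(SPHINX_2027H1, "usable")]}]}
APPLE_LIST = {"operators": [
    {"name": "Google", "logs": [_log(ARGON_2027H1, "usable")]},
    {"name": "DigiCert", "logs": []}]}           # Wyvern/Sphinx 2027h1 absent

def make_sct(log_id, timestamp_ms):
    """v1 SCT, no extensions, sha256(4)/ecdsa(3), dummy unverified signature."""
    sig = b"\x30\x06\x02\x01\x01\x02\x01\x01"
    return (bytes([0]) + log_id + struct.pack(">Q", timestamp_ms) + struct.pack(">H", 0)
            + bytes([4, 3]) + struct.pack(">H", len(sig)) + sig)

def make_sct_list(scts):
    inner = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(inner)) + inner

SAMPLE_SCT_LIST = make_sct_list([make_sct(ARGON_2027H1, 1764629489000),
                                 make_sct(WYVERN_2027H1, 1764629489000),
                                 make_sct(SPHINX_2027H1, 1764629489000)])
```

Calling `assess(SAMPLE_SCT_LIST, CHROME_LIST, chrome_min_scts(90))` and `assess(SAMPLE_SCT_LIST, APPLE_LIST, 2)` reproduces the two findings ctlint reported above: Chrome is satisfied only by counting a Qualified log, and Apple sees one approved SCT plus two logs it does not list at all. A production check would fetch the live log lists rather than embedding them, verify each SCT signature over the precertificate with the log's public key, and take the required count from the policy's own table for the certificate's lifetime.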

Chya-Hung Tsai

Dec 3, 2025, 12:01:08 AM
to dev-secur...@mozilla.org, dev-secur...@mozilla.org

Hi all,

TWCA is aware of this issue. The root cause was an oversight in our CA implementation regarding the monitoring of CT log server status.

We have since implemented a fix by temporarily disabling log servers that are in the 'Qualified' state to prevent the situation from escalating. Furthermore, we have completed the assessment of potentially affected certificates and are currently contacting users for certificate reissuance, even though the exact degree of browser impact remains uncertain at this time.

Regards,

ChyaHung Tsai
TWCA

On Wednesday, December 3, 2025 at 7:26:21 AM [UTC+8], Rob Stradling wrote:

Arabella Barks

Dec 3, 2025, 1:00:35 AM
to dev-secur...@mozilla.org, Chya-Hung Tsai, dev-secur...@mozilla.org
Hi all webPKI experts,

Do you consider the certificates using the {Argon, Xenon, Sphinx, Wyvern} 2027H1 embedded SCT to be non-compliant?

Regards,
Ara.

Aaron Gable

Dec 3, 2025, 3:01:32 AM
to Arabella Barks, dev-secur...@mozilla.org, Chya-Hung Tsai
They're not non-compliant, and they don't need to be revoked. This is because, so far, browsers have kept their Root Program Policy and their CT Log Policy separate.

However, these certificates may not work in all browsers, so they probably should be replaced. And some root programs are moving to include more specific CT logging requirements in their Root Program Policies, so this might become a misissuance in the near future.

Aaron
