cert.sh - Certificate Transparency Header

[Shubham Agarwal]

I just checked some certificated issued by Lets Encrypt and then in Certificate Transparency field for one domain I found 3 entries, in another one I found 4 and in another there are 5 entries of Log servers.

3 Entries in below one: 

4 entries in below one :

5 Entries in below one :

Can someone explain it why such happens for same CA. 

[Hanno Böck]

On Wed, 8 Nov 2017 05:09:49 -0800 (PST)
Shubham Agarwal <shubha...@gmail.com> wrote:

> I just checked some certificated issued by Lets Encrypt and then in
> Certificate Transparency field for one domain I found 3 entries, in
> another one I found 4 and in another there are 5 entries of Log
> servers.

[...]

> Can someone explain it why such happens for same CA.

Everyone can submit certificates to logs if the log accepts them.
Therefore this is totally expected.
Maybe some of the cert owners submitted them themselve. Or they use a
service that automatically submits the cert to logs that they don't get
submitted by default. Or some researcher submitted them. Or ...
Plenty of possibilities and not at all surprising.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

[Jacob Hoffman-Andrews]

Two other common reasons:

 - Over time, the set of logs that a CA submits to can change
 - Assuming a CA submits to many logs, some of those log submissions may fail or be cancelled.

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/3e18a35b-e7ce-4690-af02-cc0577ac413a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.