Need help to understand why certificates with an old SCT appear in latest logs


Scott Gregory

Oct 11, 2021, 11:26:37 AM
to certificate-transparency

I would greatly appreciate if anyone could comment on the following. I am using "github.com/google/certificate-transparency-go v1.1.1".

When acquiring latest CT log entries (starting from GetSTH() -> TreeSize) on 11 Oct 2021, I notice entries with "old" NotBefore and SCT timestamps.

* NotBefore: May 17 00:00:00 2019 GMT
* SCT: May 17 18:54:28.014 2019 GMT (from Google SkyDiver log) - other SCTs on this cert have similar times

My question is, why is a certificate issued over a year and a half ago included in a recent log? There are many examples like this from various CT logs. Would this certificate have shown up in this log previously - is it a duplicate?

Thanks

Mohammadamin Karbasforushan

Oct 11, 2021, 2:41:39 PM
to certificate-transparency
Hey,

What you are seeing is the following scenario: 1. The certificate was initially presented to the log in 2019, around when it was issued, probably by its issuer; 2. it was presented to the log again on Oct 11th, 2021; and 3. the log chose not to issue a new SCT and just returned the old one. This is valid CT log behavior based on the RFC -- RFC 6962, Section 3: "When a valid certificate is submitted to a log, the log MUST immediately return a Signed Certificate Timestamp (SCT). The SCT is the log's promise to incorporate the certificate in the Merkle Tree within a fixed amount of time known as the Maximum Merge Delay (MMD). If the log has previously seen the certificate, it MAY return the same SCT as it returned before."

Hope this helps.

Cheers,
Amin

Pavel Kalinnikov

Oct 11, 2021, 2:42:52 PM
to certificate-...@googlegroups.com
Hi Scott,

Logs are sharded by NotAfter rather than NotBefore. There can be a certificate issued a few years ago (with an old NotBefore) that is still active (has not passed NotAfter) and is present in one of the ongoing/future shards.

Specifically, for the cert that you mentioned, the Not After timestamp is: May 16 23:59:59 2021 GMT.

For the logs that have time sharding, this certificate can only be present in one shard (i.e. argon2021, but not argon2022): the cert is put in the shard that contains the NotAfter timestamp. However, there are a few logs that are not time-sharded (like Pilot, Rocketeer) which can potentially contain the same cert.

Hope this helps,
Pavel
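The two points in the replies above (a log may hand back the SCT it issued earlier, and a temporal shard is chosen by NotAfter, not NotBefore) as an added, stand-alone example that is not from the original thread or from certificate-transparency-go. It parses a TLS-encoded SignedCertificateTimestampList (RFC 6962 Section 3.3), flags a leaf whose SCT timestamp predates the current STH by more than the MMD as a re-submission that got its old SCT back, and picks the shard by NotAfter. The shard year ranges, log ID and signature bytes are constructed placeholders; the timestamps are the ones quoted in the thread.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import Optional

UTC = timezone.utc
EPOCH = datetime(1970, 1, 1, tzinfo=UTC)

def ms_to_dt(ms: int) -> datetime:
    """SCT timestamps are milliseconds since the Unix epoch (RFC 6962 s.3.2)."""
    return EPOCH + timedelta(milliseconds=ms)

def parse_sct_list(blob: bytes) -> list:
    """Parse a SignedCertificateTimestampList: uint16 total length, then for
    each SCT a uint16 length followed by the serialized SCT body."""
    (total,) = struct.unpack(">H", blob[:2])
    pos, end, scts = 2, 2 + total, []
    while pos < end:
        (n,) = struct.unpack(">H", blob[pos:pos + 2])
        body, pos = blob[pos + 2:pos + 2 + n], pos + 2 + n
        # SCT body: version(1) log_id(32) timestamp(8) extensions(2+len) signature
        (ts_ms, ext_len) = struct.unpack(">QH", body[33:43])
        scts.append({"version": body[0], "log_id": body[1:33].hex(),
                     "timestamp_ms": ts_ms, "timestamp": ms_to_dt(ts_ms).isoformat()})
    return scts

def shard_for(not_after: datetime, shards: dict) -> Optional[str]:
    """Temporal shards are keyed by NotAfter: the cert belongs to the shard whose
    [start, end) window contains NotAfter, whatever its NotBefore is."""
    for name, (start, end) in shards.items():
        if start <= not_after < end:
            return name
    return None

def classify_entry(leaf_ts_ms: int, sth_ts_ms: int, mmd: timedelta = timedelta(hours=24)) -> str:
    """A leaf whose SCT timestamp is older than the STH by more than the MMD was
    not freshly logged now: the cert was re-submitted and the log returned the
    SCT it had issued before (RFC 6962 s.3: it MAY return the same SCT)."""
    return "reused-sct" if ms_to_dt(sth_ts_ms) - ms_to_dt(leaf_ts_ms) > mmd else "fresh-sct"

# Constructed sample: one v1 SCT carrying the SkyDiver timestamp from the thread,
# a placeholder log ID, no extensions, and an empty placeholder signature.
SKYDIVER_TS = datetime(2019, 5, 17, 18, 54, 28, 14000, tzinfo=UTC)
_sct = (bytes([0]) + b"\x11" * 32
        + struct.pack(">QH", (SKYDIVER_TS - EPOCH) // timedelta(milliseconds=1), 0)
        + bytes([4, 3]) + struct.pack(">H", 0))  # hash sha256, sig ecdsa, sig len 0
SAMPLE_SCT_LIST = struct.pack(">HH", len(_sct) + 2, len(_sct)) + _sct

# Shard windows constructed after the argon<year> naming; real bounds come from the log list.
SHARDS = {f"argon{y}": (datetime(y, 1, 1, tzinfo=UTC), datetime(y + 1, 1, 1, tzinfo=UTC))
          for y in (2021, 2022, 2023)}
NOT_BEFORE = datetime(2019, 5, 17, tzinfo=UTC)
NOT_AFTER = datetime(2021, 5, 16, 23, 59, 59, tzinfo=UTC)
STH_MS = (datetime(2021, 10, 11, tzinfo=UTC) - EPOCH) // timedelta(milliseconds=1)
```

Running `classify_entry(parse_sct_list(SAMPLE_SCT_LIST)[0]["timestamp_ms"], STH_MS)` yields `reused-sct`, and `shard_for(NOT_AFTER, SHARDS)` yields `argon2021` while the NotBefore date matches no shard at all.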
