Google CT log mirror list
618 views
Skip to first unread message
lua...@gmail.com
Jun 30, 2022, 5:40:14 AM6/30/22
to certificate-transparency
Hello,
I'm wondering if there is a list anywhere of all the logs mirrored by Google?
I'm specifically looking for Digicert's Yeti2022-2 log as have very restrictive ratelimiting that makes creating a mirror very slow.
The original Yeti2022 is at https://ct.googleapis.com/logs/eu1/mirrors/digicert_yeti2022 but no Yeti2022-2. Are the Google mirrors only made public after a log is retired?
Thank you,
Evan
Pavel Kalinnikov
Jun 30, 2022, 5:47:16 AM6/30/22
to certificate-...@googlegroups.com
Hi Evan,
Mirrors for CT logs are operated at best effort, and we don't yet have a definitive answer to when we start mirroring a log. We are working on it though.
Are the Google mirrors only made public after a log is retired?
Most definitely it's quite late to do so when the log is retired. We are considering options like: during the probation period, or when the log is accepted to Chrome.
With the Yeti2022-2 log, we simply forgot to start the mirror. Would you like us to do so? Rate limiting is not a big problem, as long as we can download the log at a somewhat bigger rate then its growth rate.
Thank you,
Pavel
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/f7c882a8-2b2e-4f78-a65f-655fc09cbbccn%40googlegroups.com.
Evan Graham
Jun 30, 2022, 11:38:51 AM6/30/22
to certificate-...@googlegroups.com
Hi Pavel,
Thanks for getting back to me.
If you could start mirroring it, I would very much appreciate that. I'd be interested in knowing if you do hit any ratelimit issues as currently my backlog is growing, not shrinking.
Thank you,
Evan
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/CADF%2BPP5cX346_%3D%2BjSHW%3D_sop-bcW2%3DQFsvfqdnfgPTETvSw9PQ%40mail.gmail.com.
Rasmus Dahlberg
Jul 1, 2022, 9:32:50 AM7/1/22
to certificate-transparency
Hi Evan,
-Rasmus
I'm unable to reproduce a backlog that is growing rather than shrinking.
My setup is configured to back-off 15s if a rate-limit is encountered.
That said, it would be challenging to download this log from scratch at
the current pace. A mirror with a looser rate-limit would be helpful!
My setup is configured to back-off 15s if a rate-limit is encountered.
That said, it would be challenging to download this log from scratch at
the current pace. A mirror with a looser rate-limit would be helpful!
-Rasmus
Evan Graham
Jul 1, 2022, 9:24:31 PM7/1/22
to certificate-...@googlegroups.com
Hi Rasmus,
Thanks for testing this, after tweaking the back-off I'm up to ~120k entries/hour.
With a growth rate of ~100k/hour I think mirroring this log in a reasonable amount of time is impossible.
Thanks
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/aa411fff-0ecc-4fb8-b66c-4c6e8e8a2b99n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages