New log_list.zip file on gstatic

Kat Joyce

Jun 18, 2020, 8:05:14 PM
to Certificate Transparency Policy, certificate-...@googlegroups.com
Hi everyone,

In the last couple of months, it has been brought to our attention that some users of the files hosted at http://www.gstatic.com/ct/log_list/v2/log_list.json and http://www.gstatic.com/ct/log_list/v2/log_list.sig have had the occasional issue with these two files being out of sync shortly after being updated.  The reason for this issue is that the gstatic servers have a cache policy of 1 hour for these files, meaning that if you happen to hit different gstatic servers when fetching them, or if one of the files has been fetched more recently than the other, there is a window of up to an hour after a change to the log list during which you could receive a signature file that doesn't verify against the received json file.

In order to provide a simple way to be sure to get a matching pair of files, we are now serving http://www.gstatic.com/ct/log_list/v2/log_list.zip alongside the .json and .sig files.  log_list.zip contains a copy of log_list.json and log_list.sig.

We hope this helps anyone for whom the gstatic caching policy has been an issue.

Kat
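
A consumer-side illustration of the announcement above, added here as an example and not code from the post or from Google: it reads `log_list.json` and `log_list.sig` out of a single `log_list.zip` download and releases the JSON only if the signature verifies. Assumptions not stated in the post: the signature is RSA PKCS#1 v1.5 over the SHA-256 of the JSON bytes, the public key is supplied by the caller, and the size cap is arbitrary; `VerifiedLogList` and `maxMember` are hypothetical names.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

const maxMember = 8 << 20 // assumed per-file cap (8 MiB), not a value from the post

// VerifiedLogList takes the bytes of one log_list.zip download and returns
// log_list.json only if log_list.sig from that same archive verifies over it.
// Assumption: the signature is RSA PKCS#1 v1.5 over SHA-256 of the JSON bytes.
func VerifiedLogList(zipBytes []byte, pub *rsa.PublicKey) ([]byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(zipBytes), int64(len(zipBytes)))
	if err != nil {
		return nil, fmt.Errorf("not a zip archive: %w", err)
	}
	member := map[string][]byte{"log_list.json": nil, "log_list.sig": nil}
	for name := range member {
		f, err := zr.Open(name)
		if err != nil {
			return nil, fmt.Errorf("%s missing from archive: %w", name, err)
		}
		data, err := io.ReadAll(io.LimitReader(f, maxMember+1))
		f.Close()
		if err != nil {
			return nil, fmt.Errorf("reading %s: %w", name, err)
		}
		if len(data) > maxMember {
			return nil, fmt.Errorf("%s exceeds %d bytes", name, maxMember)
		}
		member[name] = data
	}
	digest := sha256.Sum256(member["log_list.json"])
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], member["log_list.sig"]); err != nil {
		return nil, fmt.Errorf("log_list.sig does not verify over log_list.json: %w", err)
	}
	return member["log_list.json"], nil
}

func main() {
	// Constructed input: empty bytes are not an archive, so this prints the error path.
	_, err := VerifiedLogList(nil, &rsa.PublicKey{})
	fmt.Println(err)
}
```

Because both members come from one HTTP response body, a verification failure here points to a wrong key or a corrupted download rather than to cache skew between two separate fetches.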