Google Notice on v2 log list
169 views
Skip to first unread message
Gilbert Parreno
May 15, 2023, 11:02:13 AM5/15/23
to certificate-...@googlegroups.com
We received the notice regarding the update v2 log list scheme to v3. Right now we're using v3 log list since we experienced app not working properly last February 2023, I just want to ask would that be enough just updating the url from v2 to v3?
Roger Ng
May 16, 2023, 10:34:54 AM5/16/23
to certificate-transparency
Hello Gilbert,
Updating the URL from v2 to v3 is not enough: the v3 log list comes with no SLA and should not be a critical dependency of your service. The v3 log list could have an outage, and we wouldn't want this outage to take down your app. There have been recent improvements to the appmattus/certificatetransparency library that make CT client enforcement safer, but some risks still remain. Read this if you are interested to know more.
Cheers,
Roger
Updating the URL from v2 to v3 is not enough: the v3 log list comes with no SLA and should not be a critical dependency of your service. The v3 log list could have an outage, and we wouldn't want this outage to take down your app. There have been recent improvements to the appmattus/certificatetransparency library that make CT client enforcement safer, but some risks still remain. Read this if you are interested to know more.
Cheers,
Roger
Gilbert Parreno
May 16, 2023, 7:18:58 PM5/16/23
to certificate-...@googlegroups.com
I have few other questions:
2. Can you at least recommend any library that we can use?
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/6f5fc1a3-60d8-4736-b402-9b0648f3f42bn%40googlegroups.com.
Gilbert Parreno
May 16, 2023, 7:21:47 PM5/16/23
to certificate-...@googlegroups.com
Right now we're using apptamus v1.1.1, new version of the library will break our code due to its kotlin version update.
This is how we switch from v2 to v3:
certificateTransparencyInterceptor { setLogListService( LogListDataSourceFactory.createLogListService( "https://www.gstatic.com/ct/log_list/v3/" ) ) val certifiedHosts = mutableListOf<String>().apply { // urls should be added here } certifiedHosts.forEach { +it } }
Roger Ng
May 18, 2023, 11:43:41 AM5/18/23
to certificate-transparency
Hello Gilbert,
Please read the Important changes to the v2 CT log list announcement for the v2 log list turndown. To the best of our knowledge, there isn’t such an end-to-end CT solution for Android today. However, upgrading to the latest version of appmattus library enables the fail-open mechanism. In case the v3 log list is not reachable, the app will not be crashed.
Cheers,
Roger
Roger
Reply all
Reply to author
Forward
0 new messages