Turning down non temporal Google CT Logs

208 views

Skip to first unread message

Philippe Boneff

unread,

Apr 19, 2022, 9:00:47 AM4/19/22

to ct-p...@chromium.org, certificate-...@googlegroups.com

Why this is marked as abuse? It has been marked as abuse.

Report not abuse

Hello,

A few years ago the Google CT team tried to turn down non temporal Google CT Logs. To prevent a backward compatibility issue with legacy Apple clients, we decided to keep them running for some time, while restricting their trust anchors. A few years down the line, and with Chrome 101 removing or retiring non temporal Google CT Logs, we are now proceeding with those initial plans.

We will turn down the following logs:

Google 'Aviator' log (https://ct.googleapis.com/aviator/)
Google 'Icarus' log (https://ct.googleapis.com/icarus/)
Google 'Pilot' log (https://ct.googleapis.com/pilot/)
Google 'Rocketeer' log (https://ct.googleapis.com/rocketeer/)
Google 'Skydiver' log (https://ct.googleapis.com/skydiver/)

Here is the turndown timeline:

2022-05-02T00:00:00Z: Google 'Icarus', 'Pilot', 'Rocketeer' and 'Skydiver' start rejecting new entries
2022-05-16T00:00:00Z: Google 'Icarus', 'Pilot', 'Rocketeer', 'Skydiver' and 'Aviator' endpoints start returning 404

Cheers,

Philippe on behalf of the Google CT Team

Philippe Boneff

unread,

May 13, 2022, 11:45:40 AM5/13/22

to ct-p...@chromium.org, certificate-...@googlegroups.com

Hello,

Following Chrome Temporary rollback of recent Google log retirements, we are postponing the the turndown timeline.

Google 'Icarus', 'Pilot', 'Rocketeer' and 'Skydiver' now reject new entries but are still readable.

We will not configure configure Google 'Icarus', 'Pilot', 'Rocketeer', 'Skydiver' and 'Aviator' to return 404 on read endpoints on 2022-05-16.

Cheers,

Philippe on behalf Google's Certificate Transparency Team

Reply all

Reply to author

Forward

0 new messages