Hello Jeremy-san, Would you tell us what is the specific date we cannot use the legacy Symantec CT log servers? Is the date of September 28 all right to use the legacy Symantec log servers?
Thank you for your consideration. Best regards, Hisashi Kamo > -----Original Message----- > From: ?? ? [mailto:h-k...@secom.co.jp] > Sent: Monday, September 03, 2018 7:51 PM > To: '?? ?' > Cc: 'ch...@secom.co.jp' > Subject: RE: CT Log deprecation > > Hello Jeremy-san, > > Thank you for the information. > > > As part of our infrastructure consolidation DigiCert will be EOLing legacy > > Symantec CT log servers listed below at > the > > end of September 2018. > > Would you tell us what is the specific date we cannot use the legacy Symantec > CT log servers? > > Best regards, > Hisashi Kamo > > > -----Original Message----- > > From: dev-security-policy > > [mailto:dev-security-policy-bounces+h-kamo=secom.co...@lists.mozilla.org] > > On Behalf Of > > Jeremy Rowley via dev-security-policy > > Sent: Saturday, May 05, 2018 3:03 AM > > To: mozilla-dev-security-pol...@lists.mozilla.org > > Subject: CT Log deprecation > > > > Hi everyone, > > > > > > > > I posted our announcement about deprecation of Symantec CT logs over on the > > Google list a while ago. I figured I'd > post > > something here as well so the community is aware of our plans. > > > > > > > > As part of our infrastructure consolidation DigiCert will be EOLing legacy > > Symantec CT log servers listed below at > the > > end of September 2018. > > > > https://ct.ws.symantec.com/ct/v1 > > (https://bugs.chromium.org/p/chromium/issues/detail?id=483625 ) > > > > https://vega.ws.symantec.com/ct/v1 > > (https://bugs.chromium.org/p/chromium/issues/detail?id=554549#c18 ) > > > > https://sirius.ws.symantec.com/ct/v1 > > (https://bugs.chromium.org/p/chromium/issues/detail?id=692782#c24 ) > > > > > > > > Google seems to operate mirrors for these log servers as announced here > > https://www.ietf.org/mail-archive/web/trans/current/msg01485.html > > > > > > > > >>> > > > > - Google is building out log mirrors for all logs included by Chrome, > > > > and the intent is that read-only requests from Chrome (for STHes, or > > > > inclusion-proofs (via the DNS mechanism above)) will be serviced by a > > > > log mirror, rather than the underlying logs. > > > > >>> > > > > > > > > These links show the actual mirror for each of above CT Logs: > > > > <https://ct.grahamedgecombe.com/logs/10> > > https://ct.grahamedgecombe.com/logs/10 > > > > <https://ct.grahamedgecombe.com/logs/14> > > https://ct.grahamedgecombe.com/logs/14 > > > > <https://ct.grahamedgecombe.com/logs/31> > > https://ct.grahamedgecombe.com/logs/31 > > > > > > > > Many CAs apart from DigiCert (legacy Symantec) currently use at least one > > of these log servers to log their EV/OV > > certificates. We strongly recommend that CAs that currently use any of > > these log servers should start using any other > > log servers in the CT ecosystem as soon as possible (or set up their log). > > This will give these CAs enough time to > secure > > permissions (if > > required) for using an alternate log server from its operator and complete > > integration with it. Legacy Symantec log > servers > > will fully cease to operate after EOL. > > > > > > > > If you have specific questions please use the contact email published with > > each log server or contact me. > > > > > > > > Jeremy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
