as Chrome changed their policy to stop providing log list to 3rd party CT verifier without their explicit permission, and current Mozilla policy is in effect "we're just using their list", did Mozilla approched to Chrome team to get permission to use list? https://googlechrome.github.io/CertificateTransparency/log_lists.html 2025년 10월 23일 목요일 AM 2시 50분 48초 UTC+9에 Ben Wilson님이 작성:
> All, > > We recently updated our Certificate Transparency policy documentation to > clarify our CT Log Policy. You can view the full content at: > https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency. > > Under our existing Mozilla CT Policy > <https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#CT_Policy>: > > certificates ≤180-day validity require 2 SCTs from distinct log > operators; certificates >180-day validity require 3 SCTs, at least one > from an *Admissible* log at verification; and SCTs via TLS handshake or > OCSP must include 2 SCTs from distinct *Admissible* logs. > > With this update we clarify that Mozilla recognizes CT logs listed in > Chromium’s log_list.json ( > https://googlechrome.github.io/CertificateTransparency/log_lists.html) that > are marked *qualified*, *usable*, *readonly*, or *retired*. Per > https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#CT_Log_Policy, > > log operators should apply through Google’s CT log program. Admissible logs > MUST include all NSS roots that have the websites trust bit enabled, and > log operators MUST maintain reliable uptime, timely merging, and compliance > with CT operational requirements. Mozilla may independently assess or > disqualify any log if needed to protect its users. > > These updates clarify Mozilla’s requirements for CT log operators and, > with the existing CT policy, will ensure continued alignment with other > browsers. > Thanks, > Ben Wilson > Mozilla Root Program Manager > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f10b1589-6671-4fff-8603-590cf4a02fb6n%40mozilla.org.
