Yes.

On Thu, Feb 5, 2026 at 7:41 PM Suchan Seo <[email protected]> wrote:
> As Chrome changed their policy to stop providing log list to 3rd party CT
> verifier without their explicit permission, and current Mozilla policy is
> in effect "we're just using their list", did Mozilla approach the Chrome
> team to get permission to use list?
> https://googlechrome.github.io/CertificateTransparency/log_lists.html
>
> On Thursday, October 23, 2025 at 2:50:48 AM UTC+9, Ben Wilson wrote:
>
>> All,
>>
>> We recently updated our Certificate Transparency policy documentation to
>> clarify our CT Log Policy. You can view the full content at:
>> https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency.
>>
>> Under our existing Mozilla CT Policy
>> <https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#CT_Policy>:
>> certificates ≤180-day validity require 2 SCTs from distinct log
>> operators; certificates >180-day validity require 3 SCTs, at least one
>> from an *Admissible* log at verification; and SCTs via TLS handshake or
>> OCSP must include 2 SCTs from distinct *Admissible* logs.
>>
>> With this update we clarify that Mozilla recognizes CT logs listed in
>> Chromium’s log_list.json (
>> https://googlechrome.github.io/CertificateTransparency/log_lists.html) that
>> are marked *qualified*, *usable*, *readonly*, or *retired*. Per
>> https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#CT_Log_Policy,
>> log operators should apply through Google’s CT log program. Admissible logs
>> MUST include all NSS roots that have the websites trust bit enabled, and
>> log operators MUST maintain reliable uptime, timely merging, and compliance
>> with CT operational requirements. Mozilla may independently assess or
>> disqualify any log if needed to protect its users.
>>
>> These updates clarify Mozilla’s requirements for CT log operators and,
>> with the existing CT policy, will ensure continued alignment with other
>> browsers.
>>
>> Thanks,
>> Ben Wilson
>> Mozilla Root Program Manager
