Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Issue 611672 Certificate Transparency - StartCom CT log server inclusion request
Starred by 4 users Reported by startsslctlog@gmail.com, May 13 2016 Back to list
Status: Verified
Owner:
Last visit > 30 days ago
Closed: Aug 31
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment
StartCom is requesting inclusion of Certificate Transparency log into Chrome.

Per https://sites.google.com/a/chromium.org/dev/Home/chromium-security/certificate-transparency/log-policy, here are the details for StartCom's log:

Contact Information:
- Email: ct@startssl.com
- Phone number:  +1.213.341.0329   
- Log Operator: Eddy Nigg, Andy Ligg

Log Server URL: https://ct.startssl.com

public key: Attached file: startcom_ct_public_key.pem

description:
This log server is operated by StartCom (https://ct.startssl.com), this log server will not only log all issued SSL certificate by StartCom roots, but also act as a public log server that it will include all trusted root by Mozilla for FREE. 
However, during the testing and log inclusion process, we are only including the StartCom roots as authorized.
Additional root entries will be evaluated after receiving an inclusion request.

MMD: 24 hours

Accepted Root Certificates of the Log: Attached file:  startcom_ct_accepted_roots.pem
 
startcom_ct_accepted_roots.pem
9.2 KB Download
startcom_ct_public_key.pem
178 bytes Download
Comment 1 by mge...@chromium.org, May 13 2016
Components: Internals>Network>CertTrans
Status: Untriaged
Comment 2 by eranm@chromium.org, May 16 2016
Cc: certific...@googlegroups.com eranm@chromium.org
Owner: benl@chromium.org
Status: Assigned
Comment 3 by benl@google.com, May 16 2016
Thank you for your request, we have started monitoring your log server.
Should no issues be detected, the initial compliance monitoring phase
will be complete on August 14 2016 and we will update this bug
shortly after that date to confirm.

We add the attached WoSign roots to the list of accepted roots of the StartCom CT log server.
        Issuer: C=CN, O=WoSign CA Limited, CN=CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6
        Issuer: C=CN, O=WoSign CA Limited, CN=CA WoSign ECC Root
        Issuer: C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
        Issuer: C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign G2

WS_CA1_NEW.crt
1.9 KB Download
WS_CA2_NEW.CRT
1.9 KB Download
WS_CA1_G2.crt
1.2 KB Download
ws_ecc.crt
769 bytes Download
Could I ask whether startcom's log (ct.startssl.com) had passed the 90 day compliance period? 
If there is any problem, please contract me, thanks!
Hi,

Sorry for the delay. The StartCom CT log has successfully passed the 90 day compliance monitoring tests. It will be included in Chrome as soon as we can complete the necessary work. 
Owner: mhs@google.com
Project Member Comment 8 by bugdroid1@chromium.org, Aug 25
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/19ad77688a08480a7641d621787525ad336cbe69

commit 19ad77688a08480a7641d621787525ad336cbe69
Author: mhs <mhs@google.com>
Date: Thu Aug 25 15:14:40 2016

Add StartCom log to list of known CT Logs

BUG= 611672 

Review-Url: https://codereview.chromium.org/2269633002
Cr-Commit-Position: refs/heads/master@{#414440}

[modify] https://crrev.com/19ad77688a08480a7641d621787525ad336cbe69/net/cert/ct_known_logs_static-inc.h

Labels: M-54
Status: Verified
We had update our log to include the following additional roots today:

//R1 GlobalSign Root Certificate
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

//R3 GlobalSign Root Certificate
-----BEGIN CERTIFICATE-----
MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
WD9f
-----END CERTIFICATE----
StartSSLNewTrustedRoots20170111.pem
2.5 KB Download
Sign in to add a comment